Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
JANUARY 2016
Contents
Executive Overview
Introduction
How Does Rapid Home Provisioning Work?
Simplified Patching with Rapid Home Provisioning
Oracle Database 12c Provisioning Experience with Rapid Home Provisioning
Rapid Home Provisioning Architecture
Rapid Home Provisioning Server
Rapid Home Provisioning Client
Rapid Home Provisioning Roles
Rapid Home Provisioning Images
Using Rapid Home Provisioning
Creating a Rapid Home Provisioning Server
Adding Gold Images to the Rapid Home Provisioning Server
Provisioning Software
Creating a Rapid Home Provisioning Client
Managing Rapid Home Provisioning Clients
Scenarios to Use Rapid Home Provisioning
Scenario 1 Switch to Managed Homes
Scenario 2 Databases Provisioning
Scenario 3 Databases Patching
Scenario 4 Mass Patch Apply
Conclusion
Appendix 1 - New Concepts for Rapid Home Provisioning
2
2
3
6
7
7
8
8
9
9
11
11
12
13
13
14
16
16
17
18
19
20
21
Executive Overview
Rapid Home Provisioning (RHP) represents a standard way for provisioning and patching at the organizational level,
in a unified manner, across all architectural layers of software infrastructure Oracle databases and custom
software. RHP increases performance and improves efficiency in provisioning and managing templates of Oracle
software, such as Oracle databases, on all nodes in a data center.
RHP benefits all stakeholders in an IT estate:
Administrators - a simple and efficient method of patching and deploying software homes to nodes in a
cloud computing environment from a single cluster.
Business users - a transparent mechanism that provides them access to the latest releases of Oracle
database software and custom software.
Rapid Home Provisioning allows the administrative tasks related to database software distribution and deployment
to be performed in an automated and standardized manner, thus allowing key people in the IT organization to focus
on innovative activities that bring the most value.
Extreme consolidation and a growing infrastructure footprint have made it increasingly difficult to keep our systems
up to date with the latest Oracle patches. With Rapid Home Provisioning, we are now able to manage patching and
upgrades with minimal impact to business, while also providing a reliable platform for our agile development
environment. Ravi Kulkarni, Senior IT Manager, Dell Inc.
Introduction
Many organizations struggle to keep their software current with the constant release of new patches and updates.
Database administrators are tasked with:
Creating many test and quality assurance environments for each patchset
Best practice tends towards more frequent patching, with several shorter duration windows being considered less
disruptive, and more easily scheduled, than one longer window. However, overall, maintenance windows are
diminishing as availability demands from both management and application owners are increasing.
Reducing or even eliminating the need to install software for each instantiation of a home can result in significant
time saving. Having a set of images, where each image in this set represents a different software configuration, aids
in rapid provisioning of test or quality assurance environments. With a series of logically related images it is easier to
devise a back-out strategy, which is integral to any patching scenario. Having gold images, which are then pushed
out to any number of hosts, underpins a standardized, automated provisioning system.
Rapid Home Provisioning (RHP) is a new feature that allows for centralized software deployment. Software need be
installed only once, then stored on the RHP server, and from there can be provisioned to any node or cluster in the
private cloud, as many times as needed.
RHP will
A workingcopy is an instantiation of an Oracle database software home. Workingcopies are writeable and
independent of one another, even when instantiated from the same gold image.
Oracle Automatic Storage Management Cluster File System (Oracle ACFS) is the recommended approach
for provisioning workingcopies using RHP. When Oracle ACFS is used, workingcopies can be deployed as
ACFS snapshots providing a fast, space-efficient approach to provisioning.
When using Rapid Home Provisioning, the DBA can provision Oracle Database software for the various versions of
the Oracle Database releases, such as 10.2.0.5 (Oracle Database 10g), 11.2.0.x (Oracle Database 11g), 12.1.0.1,
and 12.1.0.2 (Oracle Database 12c). When the DBA provisions such software, Rapid Home Provisioning offers
additional features for creating various types of databases (such as Oracle Real Application Clusters (Oracle RAC),
single instance, and Oracle Real Application Clusters One Node (Oracle RAC One Node) databases on different
types of storage, and other options, such as using templates and creating Oracle Multitenant Container Databases
(CDBs). In addition, Rapid Home Provisioning makes patching of database software more efficient, thus allowing for
rapid and remote patching of the software, without any downtime for the database.
The benefits of using Rapid Home Provisioning are:
A simple and efficient method of deploying and patching software homes to nodes in a cloud computing
environment from a single cluster.
A transparent mechanism that provides access to the latest versions of the applications, middleware, and
databases.
A standard approach for provisioning and patching at an organizational level across all architectural layers
of software infrastructure Oracle databases, middleware, custom software.
Out-of-place patching is the typical approach to patching. The patched environment is created in a new directory
path and then each database has its home switched to the new path. This approach will work whether the database
home is shared (by several databases) or not. Prior to Rapid Home Provisioning there was no packaged way to
adopt this process; the DBA had to build the steps to perform the process each time. Scripting is possible, to some
extent, but the onus was always on the DBA to keep these scripts current.
Rapid Home Provisioning simplifies this solution, significantly reducing the possibility of human error.
Note that if a new gold image were being created there would be a one-time set of activities as:
Add a workingcopy
Opatch install
Validate
Push as new gold image
Gold images
The Rapid Home Provisioning Server acts as a central server for provisioning Oracle homes, and making them
available on Rapid Home Provisioning Client clusters.
Users operate on the Rapid Home Provisioning Server or Rapid Home Provisioning Client cluster site to request
deployment of Oracle homes or to query gold images. When a user makes a request for an Oracle home, specifying
a gold image, the Rapid Home Provisioning Client communicates with the Rapid Home Provisioning Server to pass
on the request. The Rapid Home Provisioning Server processes the request by taking appropriate action to
instantiate a copy of the gold image, and to make it available to the Rapid Home Provisioning Client cluster using
available technologies such as Oracle Automatic Storage Management Cluster File System (Oracle ACFS), network
file systems (NFSs), and snapshots.
Efficiently stores gold images for the managed homes, including separate binaries, and metadata related
to users, roles, and permissions.
Provides highly available network file system (HANFS) exports for homes accessed using mounts on
remote clusters.
Allows patching a software home once and then deploying the home to any Rapid Home Provisioning
Client, instead of patching every site.
Uses Oracle ACFS to store workingcopies which can be rapidly provisioned as local homes; new homes
can be quickly created or undone using Oracle ACFS snapshots.
Provides a list of available homes from the Rapid Home Provisioning Server.
Allows high availability NFS (HANFS) mounts from the Rapid Home Provisioning Server to be provisioned
as working copies on the Rapid Home Provisioning Client cluster.
The NFS home client is a Rapid Home Provisioning Client that does not have Oracle ACFS installed, and can still
access the Rapid Home Provisioning Server through an NFS protocol. In an NFS protocol environment, the Rapid
Home Provisioning Server must have an HA-NFS server configured so that the Rapid Home Provisioning Client can
maintain connectivity through failovers on the RHP server.
GH_WC_USER: A role that enables users to create working copies using the rhpctl add
workingcopy command. Users assigned this role do not have administrative privileges and can delete
only working copies that they create.
GH_WC_OPER: This role extends the GH_WC_OPER role by enabling users to create working copies for
themselves or others using the rhpctl add workingcopy command with the -user option (when
creating for others). Users assigned this role do not have administrative privileges and can administer only
the working copies that they create.
Other built-in roles address privileges for creating and administering gold images, image series, and user/role
administration itself.
The composite role GH_CA includes all the basic roles needed to administer an RHP client. The Oracle Grid
Infrastructure user on a Rapid Home Provisioning Client automatically inherits this role.
Similarly, the composite role GH_SA includes all the basic roles needed to administer an RHP server. This role
includes the roles available to GH_CA, plus the ability to administer roles and everything related to RHP clients.
The Oracle Grid Infrastructure user on a Rapid Home Provisioning Server automatically inherits this role.
The Rapid Home Provisioning Server can associate user-role mappings to the Rapid Home Provisioning Client.
There is a need for security and isolation if there are multiple user-communities involved in a single domain of RHP
Server and RHP Clients. The roles-based approach we have adopted with RHP controls access to various entities,
providing the necessary separation and security within the deployment. Assigning roles to a community prevents
other community users from acting on entities not belonging to them.
Image State
The DBA can set the state of a gold image to TESTABLE or RESTRICTED so that only users with the
GH_IMG_TESTABLE or GH_IMG_RESTRICT roles can provision working copies from this gold image. Once the gold
image has been tested or validated, the DBA can change the state and make the gold image available for general
use by running the rhpctl promote image -image image_name -state PUBLISHED command. The
default image state is PUBLISHED when the DBA adds a new gold image if the state is not specified in either the
rhpctl add image or rhpctl import image commands.
Image Series
Rapid Home Provisioning treats each gold image as an independent entity with respect to other gold images. No
relationship is assumed between gold images, even if they follow some specific nomenclature.
Using an image series is a convenient way to group different gold images into a logical sequence. Use the rhpctl
add series command to create an image series and associate one or more images to this series. The list of gold
images in an image series is an ordered list. Use the rhpctl insertimage series and rhpctl
deleteimage series to add and delete gold images in an image series. The DBA can also change the order of
images in a series using these commands.
ASM is configured
GNS is configured such that a GNS VIP is provided. A GNS sub-domain is not required by RHP.
The Management Repository (Management DB) is available. The Management DB is installed by default
with Oracle Grid Infrastructure 12.1.0.2
Once Grid Infrastructure is installed and configured the Rapid Home Provisioning server can be configured and
started as follows:
Provide an ASM diskgroup. It is recommended that this diskgroup is at least 100Gb in size. The diskgroup
can be created using the ASM Configuration assistant (ASMCA). The diskgroup is used to store gold
images and RHP managed NFS-provisioned workingcopies.
Provide a mount path that exists on all nodes of the RHP server. The recommended path is <Grid
Infrastructure Home>/srvm/images, although any path may be provided. Oracle ACFS snapshots
can be used to provision server-local workingcopies or NFS-mounted workingcopies on clients.
Configure an HA VIP. The NFS client, on the RHP client clusters will communicate with the NFS server on
the RHP server over this IP address for some operations (and to access NFS mounted homes if used).
The VIP allows for the configuration of HA-NFS. Note that the HA VIP has to be configured in the same
subnet as the default network configured on the RHP server.
Once the pre-requisites mentioned above have been met, the RHP server can be added to Grid Infrastructure and
started.
An example of the commands to do this are:
$ mkdir p $GRID_HOME/srvm/images
As the root user:
# $GRID_HOME/bin/srvctl add rhpserver storage $GRID_HOME/srvm/images diskgroup
RHP
If an RHP client cluster will be used add an HA-VIP
# $GRID_HOME/bin/srvctl add havip id 130.130.10.10 description RHP IP
As the Grid Infrastructure owner:
$ $GRID_HOME/bin/srvctl start rhpserver
Following the start of the Rapid Home Provisioning Server, the DBA uses the Rapid Home Provisioning Control
(RHPCTL) utility to further manage Rapid Home Provisioning.
Import a gold image from an installed home on the Rapid Home Provisioning Server using the following
command:
o
Import a gold image from an installed home on a Rapid Home Provisioning Client, using the following
command run from the RHP Client:
o
Provisioning Software
After importing an image, an authorized client can provision software by adding a working copy either on the Rapid
Home Provisioning Server or on the Rapid Home Provisioning Client. This software provisioning command can be
executed on either the RHP Server or any of the RHP Clients.
rhpctl
add
workingcopy
-workingcopy
<working_copy_name>
-image
<image_name>
To create a working copy on the Rapid Home Provisioning Client using an NFS mount:
o
rhpctl
add
workingcopy
-workingcopy
<working_copy_name>
-image
To create a local working copy on the RHP Client (from the RHP Server):
o
rhpctl
add
<image_name>
workingcopy
-path
-workingcopy
<working_copy_name>
<path_to_software_home>
-image
-client
<client_cluster_name>
An HA-VIP has to exist. This may have been created when the RHP server was configured.
2.
A credential file, for use by the client to authenticate with the server, has to be created for each RHP client.
The rhpctl utility is used to create the credential file. Note that the client name used when creating the
credential has to exactly match the cluster name used when installing grid infrastructure on the client. An
XML file will be created in the directory specified by the switch -toclientdata and will be named after
the client cluster name provided in the add client command.
3.
Copy the credential file created to the RHP client cluster. The file must be readable by the owner of the
Grid Infrastructure installed on the client.
Sample commands to perform these tasks are shown in the following text box:
On the RHP server as the Grid Infrastructure owner determine if an HA-VIP has been created:
$ $GRID_HOME/bin/srvctl config havip
HAVIP exists: /rhp_vip/130.130.10.10, network number 1
Description: RHP VIP
Home Node:
HAVIP is enabled
HAVIP is individually enabled on nodes:
HAVIP is individually disabled on nodes:
If the HAVIP has not been created refer to the section on configuring the RHP server in this document
$ $GRID_HOME/bin/rhpctl add client client stormcloud-cluster -toclientdata
/home/grid
germany.oracle.com: Creating client data
germany.oracle.com: Client data created for user stormcloud-cluster
$ ls al /home/grid/stormcloud-cluster.xml
-rw-r-r-- 1 grid oinstall 3158 Oct 31 21:59 /home/grid/stormcloud-cluster.xml
Perform the following actions on the RHP client cluster:
1.
Create the RHP client using the XML wallet created for this cluster
2.
Sample commands to perform these tasks are shown in the following text box:
On the RHP client as the Grid Infrastructure owner:
$ $GRID_HOME/bin/srvctl add rhpclient clientdata /home/grid/stormcloud.xml
Note that the add rhpclient command can take an ASM diskgroup argument. The client can then serve
local homes on shared ACFS filesystems
$ $GRID_HOME/bin/srvctl start rhpclient
diskgroup <dg_name>
From the RHP Server, the DBA enables or disables Rapid Home Provisioning Clients by running
the following command:
rhpctl modify client -client client_name -enabled TRUE | FALSE
If an RHP client is disabled, all rhpctl commands from that client cluster will be rejected by the
RHP Server.
Note: Rapid Home Provisioning Clients communicate with the Rapid Home Provisioning Server for all
actions. A client cannot run any RHPCTL commands without a connection to a Rapid Home
Provisioning Server.
Creating Users and Assigning Roles for Rapid Home Provisioning Client Cluster Users
o
The commands rhpctl add client and rhpctl grant roles allow for the creation or
assignment of users and roles within the context of the Oracle Homes managed by the RHP
client. The maproles argument to these commands is used to create users and assign roles to
RHP Client users.
The RHP Client uses a password stored internally to authenticate itself with the RHP server. The
DBA on the client cannot query this password. If there is a need to reset this password, this task
is done by the DBA on the RHP server.
(Optionally) the gold image ORACLEDB12 has a working copy named myDB12HOME1 created on the client
cluster payrollCluster from it.
In order to switch the Oracle Homes for the databases from the unmanaged home to a managed home we run the
following command:
On the RHP server as the Grid Infrastructure owner:
$ $GRID_HOME/bin/rhpctl move database -sourcehome /u01/app/product/12.1.0/dbhome oraclebase
/u01/app/product/12.1.0/obase
-client
payrollCluster
-patchedwc
Note that in this example, the patchedwc myDB12HOME1 does not exist. It will be automatically created from the
ORACLEDB12 image.
When moving to an existing patchedwc, you do not need to specify an image.
Before RHP
Prepare installation media for each cluster
Log into the cluster to invoke oui
Log into each node to run root.sh
Log into the cluster to invoke dbca (software only)
Install a shared Oracle Home
Create an Oracle RAC database using dbca
Start each instance
RHP Provisioning
move
database
-sourcewc
wcDB12PSU1
-patchedwc
wcDB12PSU2
image
DBIMGPSU2
This command creates a new ORACLE_HOME based on the patched image, if it does not exist, and then switches
all Oracle databases from their current ORACLE_HOME location to the new ORACLE_HOME.
By default, patching is performed in a rolling mode. Use the -nonrolling option to perform patching in non-rolling
mode. The database is then completely stopped on the old ORACLE_HOME, and is then restarted using the newly
patched ORACLE_HOME.
For databases versions 12.1.0.1 or higher, the command rhpctl move database also executes any SQL
commands required for database patching. For database versions earlier than Oracle Database 12c Release 1, a
message is displayed asking the user to run the SQL commands for database patching manually.
If only a specific database is to have its ORACLE_HOME moved, include the dbname switch:
rhpctl move database -sourcewc wcDB12PSU1 -patchedwc wcDB12PSU2 -dbname myDB
Conclusion
Rapid Home Provisioning represents a standard for provisioning and patching at an organizational level, in a unified
manner, across many architectural layers of software infrastructure.
Rapid Home Provisioning is a method for deploying software homes and databases to nodes in a cloud computing
environment from a single cluster. The database administrator stores gold images of Oracle homes as well as
custom software. Using a workingcopy, which is a writeable Oracle ACFS snapshot of the gold image, the DBA can
provision an Oracle home, and then deploy that ORACLE_HOME to any number of RHP clients in the private cloud.
Gold images can be deployed to any cluster where a Rapid Home Provisioning Client is installed.
The benefits of using Rapid Home Provisioning are:
For Administrators: a simple method of patching and deploying software homes to nodes in a cloud
computing environment from a single cluster.
For developers and testers: quick access to a new provisioned environment for development or testing.
For users and businesses: a transparent mechanism that provides access to the latest releases of
applications, middleware, and databases.
Overall: increased performance and improved efficiency in provisioning and managing templates of Oracle
software, such as databases, middleware, and applications on any node in a cloud environment.
Worldwide Inquiries
Phone: +1.650.506.7000
Fax: +1.650.506.7200
CONNECT W ITH US
Copyright 2014, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and the
contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other
warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or
fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are
formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any
means, electronic or mechanical, for any purpose, without our prior written permission.
blogs.oracle.com/oracle
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
facebook.com/oracle
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and
are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are
trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. 0116
twitter.com/oracle
oracle.com