Skip to main content
Delphix

Adding Oracle Standalone and RAC Targets in Kerberos-Enabled Virtualization Engine (KBA1470)

 

KBA

KBA#1470

Applicable Delphix Versions

Click here to view the versions of the Delphix engine to which this article applies
Major Release All Sub Releases
6.0 6.0.0.0, 6.0.1.0, 6.0.1.1, 6.0.2.0, 6.0.2.1, 6.0.3.0, 6.0.3.1, 6.0.4.0, 6.0.4.1, 6.0.4.2, 6.0.5.0, 6.0.6.0, 6.0.6.1, 6.0.7.0

5.3

5.3.0.0, 5.3.0.1, 5.3.0.2, 5.3.0.3, 5.3.1.0, 5.3.1.1, 5.3.1.2, 5.3.2.0, 5.3.3.0, 5.3.3.1, 5.3.4.0, 5.3.5.0, 5.3.6.0, 5.3.7.0, 5.3.7.1, 5.3.8.0, 5.3.8.1, 5.3.9.0

5.2

5.2.3.0, 5.2.4.0, 5.2.5.0, 5.2.5.1, 5.2.6.0, 5.2.6.1

Prerequisites

  • The article assumes that Kerberos credentials have been configured through the System Setup interface.
  • Kerberized Oracle host operations are only supported in 5.2.3.0 and later.
  • Only one principal may be defined in the Kerberos configuration, and this principal must be used for all Kerberized host environments.

Configuring a Single Instance - GUI and CLI

Configuring a single instance Environment is effectively no different when using Kerberos credentials: the GUI can be used as per normal to create the environment. 

When adding a new Environment or altering the configuration of an existing Environment, it is a general Kerberos authentication requirement to configure the host address using a fully qualified domain name (FQDN).

The Login Type of Kerberos Authentication will be available once the Kerberos configuration is applied in System Setup. In the example below, the Kerberos principal krbuser has previously been configured using System Setup, so this is automatically populated when the radio button is selected:

clipboard_e2c96f26c1ea76941eb25c4e9f37e59ee.png

Alternatively, it is possible to use the CLI to create the Environment, and setting the primaryUser.credential.type to KerberosCredential.  This will cause the primaryUser.credential.password field to be removed, and userId will be left unset.

delphix.engine> /environment create
delphix.engine environment create *> set hostParameters.host.address=<FQDN>
delphix.engine environment create *> set hostParameters.host.toolkitPath=<toolkit_path>
delphix.engine environment create *> set primaryUser.credential.type=KerberosCredential
delphix.engine environment create *> commit

Configuring Oracle RAC

As the discovery logic attempts to add other nodes via IP address (based on cluster interrogation results which return the additional node IP addresses), automatic discovery of additional nodes will initially fail, causing Kerberos authentication to fail with "Could not log into <IP_address> with the provided username and password".  It is therefore also expected to see one or more failed actions under the Discovery job indicating "Add discovered cluster node" and "Add Oracle cluster node <node name>" were unsuccessful.

clipboard_ed7c66edfe891a3940761770b7980a6e0.png

 

As such, all nodes beyond the first must be added manually.

  1. The cluster can be added initially using the GUI or CLI as desired to discover the first node, configured via FQDN.

  2. Each additional node is added manually; this can be done via CLI or GUI by clicking the plus icon under Cluster Node. In the example below, bbrac31 was discovered normally, and bbrac32.d.delphix.com was manually added once Environment Discovery was completed.

clipboard_e4c08bae15e0eec587ba91822717c000b.png

3. Click the new node in the Cluster Nodes list.

4. Click the plus beside Virtual IPs and add the VIP name and address for the node.

5. Click the plus beside Listeners and add the name and protocol address of a listener on the node.  Protocol address should be in the following format. The example below assumes host VIP "bbrac15-vip.delphix.com" for illustrative purposes:

(ADDRESS=(PROTOCOL=tcp)(HOST=bbrac15-vip.delphix.com)(PORT=1521))

Configuring Oracle RAC - CLI

Use the CLI to create the cluster, specifying one of the nodes for discovery.  Make sure to set the credential type to KerberosCredential.  An example CLI configuration for a cluster with node names bbrac14/15/16 is below.  "bbrac14" will be the primary node used for discovery. Make sure to use an FQDN for the Host Address (this is a Kerberos requirement for authentication):

delphix.engine> /environment create
delphix.engine environment create *> set type=OracleClusterCreateParameters
delphix.engine environment create *> set cluster.name=bbrac1416
delphix.engine environment create *> set cluster.crsClusterHome=/u01/app/11.2.0/grid
delphix.engine environment create *> set primaryUser.credential.type=KerberosCredential
delphix.engine environment create *> edit nodes
delphix.engine environment create nodes *> add
delphix.engine environment create nodes 0 *> set name=bbrac14.delphix.com
delphix.engine environment create nodes 0 *> set hostParameters.host.address=bbrac14.delphix.com
delphix.engine environment create nodes 0 *> set hostParameters.host.toolkitPath=/work
delphix.engine environment create nodes 0 *> commit

For each node beyond the first, manually add the node to the cluster in the GUI (CLI can also be used, but GUI is assumed for the remainder of the tasks due to ease of use):

  1. On the Environment Details tab in the web UI, click the plus sign beside Cluster Nodes to add a node (again, make sure to specify an FQDN for the node address).
  2. Click the new node in the Cluster Nodes list.
  3. Click the plus beside Virtual IPs and add the VIP name and address for the node.
  4. Click the plus beside Listeners and add the name and protocol address of a listener on the node.  Protocol address should be in the following format. Example below assumes host VIP "bbrac15-vip.delphix.com" for illustrative purposes:
(ADDRESS=(PROTOCOL=tcp)(HOST=bbrac15-vip.delphix.com)(PORT=1521))

 

Related Articles

The following articles may provide more information or related information to this article: