Tuesday, October 3, 2017

Configuring Oracle Database 11g R2 to use Recovery Catalog

1. Create a tablespace that will hold the recovery catalog metadata, RMAN stored scripts and other information.

SQL> create tablespace catalogtbs
  2  datafile '/home/oracle/Desktop/recovery/catalog.dbf'     
  3  size 200M;
Tablespace created.

2. Creating a User who will be the owner of the recovery catalog.

SQL> create user rcuser identified by rcuser
  2  temporary tablespace temp
  3  default tablespace catalogtbs
  4  quota unlimited on catalogtbs;
User created.

3. Grant the recovery_catalog_owner role to the created user; this grants full ownership of the recovery catalog.

SQL> grant recovery_catalog_owner to rcuser;
Grant succeeded.

4. Connect to the recovery catalog schema and create a new recovery catalog for our databases.

 [oracle@pc1 ~]$ rman catalog rcuser/rcuser@orcl;
RMAN> create catalog;
recovery catalog created

5. Connect to the target database and to the recovery catalog at the same time, then register the database with the recovery catalog so that it resyncs with the database control file.

[oracle@pc1 ~]$ rman target / catalog rcuser/rcuser@orcl;
RMAN> register database;
database registered in recovery catalog
starting full resync of recovery catalog
full resync complete

 [oracle@pc1 ~]$ sqlplus rcuser/rcuser;
SQL> desc rc_stored_script
 Name                                      Null?    Type
 ----------------------------------------- -------- ----------------------------
 DB_KEY                                             NUMBER
 DB_NAME                                            VARCHAR2(8)
 SCRIPT_NAME                               NOT NULL VARCHAR2(100)
 SCRIPT_COMMENT                                     VARCHAR2(255)

6. Create an RMAN script and store it in the recovery catalog.

RMAN> create script backup_db
2> {backup database plus archivelog;}  
created script backup_db

7. Running the stored RMAN script from the recovery catalog.

RMAN> run {execute script backup_db;}
executing script: backup_db

Viewing the content of the RMAN stored script:

RMAN> print script backup_db;
printing stored script: backup_db
{backup database plus archivelog;}

8. How to edit the content of the stored rman scripts

RMAN> replace script backup_db
2> {backup database plus archivelog delete input;}
replaced script backup_db

9. How to View the rman Stored Scripts 

RMAN> list all script names;
List of Stored Scripts in Recovery Catalog
    Scripts of Target Database ORCL
       Script Name
       Description
       -----------------------------------------------------------------------
       backup_db

Thursday, March 2, 2017

Configuring Site to Site VPN




Configuring Site to Site VPN Tunnel

Routers that participate in a site-to-site VPN tunnel form 2 IKE tunnels: the IKE Phase 1 tunnel and the IKE Phase 2/IPSec tunnel.
For these tunnels to form, the hashing, encryption, tunnel lifetime and other parameters that we will be configuring must be set the same on both routers.

IKE PHASE 1 Tunnel Negotiation (HAGLE):
Hashing: MD5, SHA-1
Authentication: PSK, RSA Keys
Group (DH): 1, 2, 5
Lifetime: # Seconds
Encryption: DES, 3DES, AES

IKE PHASE 2 Tunnel Negotiation:
Transform Set
Lifetime: # Seconds
Encryption: DES, 3DES, AES

Configuring IKE Phase 1

1. Configuring IKE Phase 1 on the R1 and R2.

//R1
R1(config)#crypto isakmp enable
R1(config)#crypto isakmp policy 10
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#group 2
R1(config-isakmp)#lifetime 86400
R1(config-isakmp)#encryption aes 128
R1(config-isakmp)#hash sha
R1(config-isakmp)#end

//R2
R2(config)#crypto isakmp enable
R2(config)#crypto isakmp policy 10
R2(config-isakmp)#authentication pre-share
R2(config-isakmp)#lifetime 86400
R2(config-isakmp)#hash sha
R2(config-isakmp)#group 2
R2(config-isakmp)#encryption aes 128


2. Create an identity that will be used to identify the router when communicating with the other router.

NOTE: Use the hostname if the IP address changes, for example when the ISP provides random IP addresses for security purposes; if it is static, you can use the IP address.

//R1
R1(config)#crypto isakmp identity address


//R2
R2(config)#crypto isakmp identity address

3. Create the Key that will be used to identify/Authenticate both Routers:

//R1
R1(config)#crypto isakmp key 0 kisamokey address 23.0.0.2

//R2
R2(config)#crypto isakmp key 0 kisamokey address 192.168.1.1


IKE Phase 1 is now configured.


Configuring IPSec Phase 2 Tunnel/IPSec Tunnel:


1. Creating a Transform Set on Router 1 and Router 2:
//R1
R1(config)#crypto ipsec transform-set KISAMOVPN esp-aes 128 esp-sha-hmac

//R2
R2(config)#crypto ipsec transform-set KISAMOVPN esp-aes 128 esp-sha-hmac

2. Configure the IKE Phase 2 Tunnel Life Cycle on Router 1 and Router 2:
//R1
R1(config)#crypto ipsec security-association lifetime seconds 86400

//R2
R2(config)#crypto ipsec security-association lifetime seconds 86400


3. Create a mirrored ACL on both Router 1 and Router 2 to permit the traffic that will be sent and received encrypted:

//R1
R1(config)#ip access-list extended S2S-VPN-TRAFFIC
R1(config-ext-nacl)#permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
R1(config-ext-nacl)#exit
R1(config)#

//R2
R2(config)#ip access-list extended S2S-VPN-TRAFFIC
R2(config-ext-nacl)#permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
R2(config-ext-nacl)#

4. Create a Crypto Map for the IKE Phase 2 Tunnel /Ipsec Tunnel

//R1
R1(config)#crypto map S2S-VPN 100 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
        and a valid access list have been configured.
R1(config-crypto-map)#match address S2S-VPN-TRAFFIC
R1(config-crypto-map)#set peer 23.0.0.2
R1(config-crypto-map)#set pfs group2
R1(config-crypto-map)#set transform-set KISAMOVPN

//R2
R2(config)#crypto map S2S-VPN 100 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
        and a valid access list have been configured.
R2(config-crypto-map)#match address S2S-VPN-TRAFFIC
R2(config-crypto-map)#set peer 192.168.1.1
R2(config-crypto-map)#set pfs group2
R2(config-crypto-map)#set transform-set KISAMOVPN


5. Apply the Crypto Map to the Respective interface

//R1
R1(config)# interface serial 0
R1(config-if)#crypto map S2S-VPN
R1(config-if)#exit

//R2
R2(config)# interface serial 1
R2(config-if)#crypto map S2S-VPN
R2(config-if)#exit

6. Verification Commands

R2#show crypto map
R2#show crypto ipsec transform-set
R2#show crypto isakmp sa
R2#show crypto ipsec sa
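
One way to check the requirement above that both routers carry the same Phase 1 and Phase 2 parameters and a mirrored ACL, run over the commands from this post with the prompts stripped. This is an added example, not part of the original post; `parse`, `compare` and the drifted `R2_BAD` configuration are constructed for illustration.

```python
import re

# Setting -> regex over the commands as typed in config mode (prompts stripped).
FIELDS = {
    "authentication": r"^\s*authentication (\S+)",
    "group": r"^\s*group (\d+)",
    "p1_lifetime": r"^\s*lifetime (\d+)",
    "encryption": r"^\s*encryption (.+)$",
    "hash": r"^\s*hash (\S+)",
    "psk": r"^crypto isakmp key \d (\S+) address",
    "transform": r"^crypto ipsec transform-set \S+ (.+)$",
    "p2_lifetime": r"^crypto ipsec security-association lifetime seconds (\d+)",
    "pfs": r"^\s*set pfs (\S+)",
}
ACL = r"^\s*permit ip (\S+ \S+) (\S+ \S+)\s*$"

def parse(cfg):
    out = {}
    for name, rx in FIELDS.items():
        m = re.search(rx, cfg, re.M)
        out[name] = m.group(1).strip() if m else None
    out["acl"] = re.findall(ACL, cfg, re.M)  # list of (source, destination)
    return out

def compare(cfg_a, cfg_b):
    """Return a list of findings; an empty list means both ends agree."""
    a, b = parse(cfg_a), parse(cfg_b)
    findings = []
    for name in FIELDS:
        if a[name] != b[name]:
            # Never echo the pre-shared key into a report.
            detail = "differs" if name == "psk" else f"{a[name]!r} != {b[name]!r}"
            findings.append(f"{name}: {detail}")
    if a["acl"] != [(dst, src) for src, dst in b["acl"]]:
        findings.append("acl: entries are not mirror images")
    return findings

# Constructed input: the commands from this post for one router.
TEMPLATE = """\
crypto isakmp policy 10
 authentication pre-share
 group 2
 lifetime 86400
 encryption aes 128
 hash sha
crypto isakmp key 0 kisamokey address {peer}
crypto ipsec transform-set KISAMOVPN esp-aes 128 esp-sha-hmac
crypto ipsec security-association lifetime seconds 86400
ip access-list extended S2S-VPN-TRAFFIC
 permit ip {local} 0.0.0.255 {remote} 0.0.0.255
crypto map S2S-VPN 100 ipsec-isakmp
 set pfs group2
"""
R1 = TEMPLATE.format(peer="23.0.0.2", local="192.168.2.0", remote="192.168.3.0")
R2 = TEMPLATE.format(peer="192.168.1.1", local="192.168.3.0", remote="192.168.2.0")
# Constructed drift: a different DH group and an ACL that was copied, not mirrored.
R2_BAD = R2.replace(" group 2", " group 5").replace(
    "192.168.3.0 0.0.0.255 192.168.2.0", "192.168.2.0 0.0.0.255 192.168.3.0")

if __name__ == "__main__":
    print(compare(R1, R2))      # matching pair
    print(compare(R1, R2_BAD))  # drifted pair
```

A mismatch in any Phase 1 field keeps `show crypto isakmp sa` from showing an established SA, so running this comparison before applying the crypto map narrows down where to look.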

Monday, February 27, 2017

Configuring Virtual Links on GNS 3






Please note that it is not recommended to design your network so that a network is not attached to Area 0 (the Backbone Network). If you're caught up in this situation, the concept of a Virtual Link allows the network which is not attached to Area 0 directly to receive routing updates and to communicate with other networks in different areas.


Configuring a Virtual Link between R7 and R6 to enable R8 on Area 78 to receive OSPF Routing Updates.

Router ID for R7 is 7.7.7.7
Router ID for R6 is 6.6.6.6
Routing Protocol Configured: OSPF
Router 5 has redistribution configured because 2 routing protocols, RIPv2 and OSPF, are working on the same router


//Configuring Virtual Link between Router R7 and Router R6.

On R7
=================================================================
R7#config t
Enter configuration commands, one per line. End with CNTL/Z.
R7(config)#router ospf 1
R7(config-router)#area 67 virtual-link 6.6.6.6
R7(config-router)#end


On R6 
================================================================
R6#config t
R6(config)#router ospf 1
R6(config-router)#area 67 virtual-link 7.7.7.7
R6(config-router)#end



//Verifying the Status of the Virtual Links

On R6
=================================================================
R6#show ip ospf virtual-links

Virtual Link OSPF_VL0 to router 7.7.7.7 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 67, via interface Serial0/0, Cost of using 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:06
Adjacency State FULL (Hello suppressed)
Index 4/5, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec

On R7
==================================================================
R7#show ip ospf virtual-links

Virtual Link OSPF_VL0 to router 6.6.6.6 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 67, via interface Serial0/0, Cost of using 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:01
Adjacency State FULL (Hello suppressed)
Index 1/3, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec

Configuring Summarization on an Area Border Router.



Performing Network Setup Using GNS 3

On R1

NOTE: We are Creating the loopback interfaces to simulate different networks connected to Router 1
R1(config)#interface Loopback1
R1(config-if)#ip address 172.16.1.1 255.255.255.0

R1(config)#interface Loopback2
R1(config-if)# ip address 172.16.2.1 255.255.255.0

R1(config-if)#interface Loopback3
R1(config-if)# ip address 172.16.3.1 255.255.255.0

R1(config)#interface Loopback4
R1(config-if)#ip address 172.16.4.1 255.255.255.0

R1(config)#interface s0/0
R1(config-if)#ip address 10.1.1.1 255.255.255.0


//We are Configuring the OSPF Routing Protocol on R1
--------------------------------------------------------------------------------

R1(config)#router ospf 1
R1(config-router)# router-id 1.1.1.1
R1(config-router)#  network 10.1.1.1 0.0.0.0 area 0
R1(config-router)#  network 172.16.1.1 0.0.0.0 area 0
R1(config-router)#  network 172.16.2.1 0.0.0.0 area 0
R1(config-router)#  network 172.16.3.1 0.0.0.0 area 0
R1(config-router)#  network 172.16.4.1 0.0.0.0 area 0
R1(config-router)#end

On R3

//Configuring the Loopback interfaces to simulate different networks on Router 3

R3(config)#interface Loopback1
R3(config-if)#ip address 172.17.1.1 255.255.255.0

R3(config)#interface Loopback2
R3(config-if)# ip address 172.17.2.1 255.255.255.0

R3(config-if)#interface Loopback3
R3(config-if)# ip address 172.17.3.1 255.255.255.0

R3(config)#interface Loopback4
R3(config-if)#ip address 172.17.4.1 255.255.255.0

R3(config)#interface s0/0
R3(config-if)#ip address 192.168.1.2 255.255.255.0

//Configuring the OSPF Routing Protocol on R3
//R3 sits in Area 1, matching R2's Serial0/1 (192.168.1.1) and the "area 1 range" statement on R2

R3(config)#router ospf 1
R3(config-router)# router-id 3.3.3.3
R3(config-router)#  network 192.168.1.2 0.0.0.0 area 1
R3(config-router)#  network 172.17.1.1 0.0.0.0 area 1
R3(config-router)#  network 172.17.2.1 0.0.0.0 area 1
R3(config-router)#  network 172.17.3.1 0.0.0.0 area 1
R3(config-router)#  network 172.17.4.1 0.0.0.0 area 1
R3(config-router)#end


On R2

R2(config)# interface Serial0/0
 R2(config-if)# ip address 10.1.1.2 255.255.255.0
 R2(config-if)# clock rate 2000000

R2(config)# interface Serial0/1
R2(config-if)# ip address 192.168.1.1 255.255.255.0
R2(config-if)# clock rate 2000000

R2(config)#router ospf 1
R2(config-router)# router-id 2.2.2.2
R2(config-router)# network 10.1.1.2 0.0.0.0 area 0
R2(config-router)# network 192.168.1.1 0.0.0.0 area 1
R2(config-router)# area 0 range 172.16.0.0 255.255.248.0
R2(config-router)# area 1 range 172.17.0.0 255.255.248.0


NOTE: The last 2 statements allow Router 2, which is the ABR (Area Border Router), to perform summarization to routers in both areas, that is Area 0 and Area 1.

NOTE: Please make sure you already have the Subnetting, VLSM and Summarization basics.

After that, verify by going on R1 and R3 to see the summarized routes by using the command:

show ip route
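
Why both `area ... range` statements on R2 use the mask 255.255.248.0, worked out from the loopback addresses in this post, together with the extra /24 networks each summary also covers. This is an added example, not part of the original post; the function name `summarize` is an assumption of the example.

```python
import ipaddress

def summarize(interfaces):
    """Return (smallest single prefix covering every interface network,
    same-size networks inside that prefix that are not configured)."""
    nets = [ipaddress.ip_interface(f"{ip}/{mask}").network for ip, mask in interfaces]
    summary = nets[0]
    # Shorten the prefix one bit at a time until every network fits inside it.
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    size = max(n.prefixlen for n in nets)
    unused = [s for s in summary.subnets(new_prefix=size)
              if not any(s.overlaps(n) for n in nets)]
    return summary, unused

# Loopback addresses from this post (R1 and R3).
R1_LOOPBACKS = [(f"172.16.{i}.1", "255.255.255.0") for i in range(1, 5)]
R3_LOOPBACKS = [(f"172.17.{i}.1", "255.255.255.0") for i in range(1, 5)]

if __name__ == "__main__":
    for name, loopbacks in (("R1", R1_LOOPBACKS), ("R3", R3_LOOPBACKS)):
        summary, unused = summarize(loopbacks)
        print(f"{name}: area range {summary.network_address} {summary.netmask}")
        print("  also covered, not configured:", ", ".join(map(str, unused)))
```

The third octets 1 to 4 do not fit in a /22 (which holds 0 to 3), so the summary has to be a /21; the routers behind the ABR will therefore also send it traffic for the .0, .5, .6 and .7 networks, which do not exist in this lab.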


Cheers 



************************************Enjoy***************************************

Friday, April 8, 2016

Step by Step Instructions on How we can install Oracle 11g Release 2 on Redhat 5 Linux.

1. Log in to the Linux PC with the Root Credentials and Let’s Begin: 

a.       Insert the Redhat Linux CD, Open the Terminal and Install the Following Packages by going to the path directed as shown on the Screen:



b.       While in the Server Directory run these commands one by one, or copy these commands and paste them on the terminal while at the Server Directory:



  

c.       After Copying the RPM commands paste them on the terminal and Observe how the packages are installed:






2. The second task is to open the file “sysctl.conf” under the path “/etc/sysctl.conf” and edit it using the GEDIT program:

Lines to add on the sysctl.conf :
fs.suid_dumpable = 1
fs.aio-max-nr = 1048576
fs.file-max = 6815744
kernel.shmmni = 4096
# semaphores: semmsl, semmns, semopm, semmni
kernel.sem = 250 32000 100 128
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default=4194304
net.core.rmem_max=4194304
net.core.wmem_default=262144
net.core.wmem_max=1048586





3. Run the Following Command to ensure the System Parameters are put into action:
/sbin/sysctl -p | sort





4. Next, Find the “limits.conf “ file which is located under the path “/etc/security/limits.conf”.
Add the Following Lines:
oracle              soft    nproc   2047
oracle              hard   nproc 16384
oracle              soft    nofile   1024
oracle              hard  nofile   65536
oracle              soft    stack    10240






5. Next, Find the “login” file under the path “/etc/pam.d/login” and: 
Add the following lines:
session            required           /lib/security/pam_limits.so







6. Create the Following Groups and the User that will be used to install Oracle Database 11g Release 2:
groupadd oinstall
groupadd dba
groupadd oper
groupadd asmadmin




7. Create a User to be used to Install Oracle Database the username for the account will be “Oracle”:
useradd -g oinstall -G dba,oper,asmadmin oracle


8. Set the Password for the User Oracle:
passwd oracle




9. Create the following directories that will be used as Oracle Home, i.e. where the Oracle software will be installed, and give the oracle user ownership and full permission on those folders.
mkdir -p /u01/app/oracle/product/11.2.0/dbhome_1
chown -R oracle:oinstall /u01
chmod -R 775 /u01






10. After doing all that, Logout as root and log in as Oracle to verify the user has been created, and after that log out again and login as root to finalize the last processes.
11. Go to the Oracle’s Home directory and add the below lines to the file .bash_profile which is located under the path </home/oracle/.bash_profile> :

Please make sure you change the Values for ORACLE_HOSTNAME to match the machine name and ORACLE_UNQNAME to match the database name that you will use.

# Oracle Settings
TMP=/tmp; export TMP
TMPDIR=$TMP; export TMPDIR
ORACLE_HOSTNAME=PC1; export ORACLE_HOSTNAME
ORACLE_UNQNAME=ORCL; export ORACLE_UNQNAME
ORACLE_BASE=/u01/app/oracle; export ORACLE_BASE
ORACLE_HOME=$ORACLE_BASE/product/11.2.0/dbhome_1; export ORACLE_HOME
ORACLE_SID=ORCL; export ORACLE_SID
PATH=/usr/sbin:$PATH; export PATH
PATH=$ORACLE_HOME/bin:$PATH; export PATH
LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib; export LD_LIBRARY_PATH
CLASSPATH=$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib; export CLASSPATH
if [ $USER = "oracle" ]; then
   if [ $SHELL = "/bin/ksh" ]; then
      ulimit -p 16384
      ulimit -n 65536
   else
      ulimit -u 16384 -n 65536
   fi
umask 022
fi



12. After doing all that copy the compressed Oracle Database from your storage device to Oracle’s Desktop so that Oracle can login and begin the installation.




13. Provide all the Permissions (read, write and Execute) for user Oracle to be able to access the folder and execute any executable files in it.



14. After all that, let's log in as user oracle and begin the decompression of the Oracle 11g R2 Database before beginning the installation. Please note that after decompressing all the files, they will create the database folder which will hold all the installation files.












After decompressing the database files <linux_11gR2_database_1of2 and linux_11gR2_database_2of2> enter to the database folder and let’s begin the Oracle database installation by launching the Oracle Universal Installer:




Launch the runInstaller to bring up the Oracle Universal Installer:






After the OUI pops up we will start with the Configure Security Updates section.
Since we are not in the Production environment the Security Updates will not be necessary. Untick the selection of “I wish to receive security updates via Oracle Support” and proceed with Next >>





Select Yes on the Warning dialog box of the “Email Address not Specified” and then proceed:




On the Next Phase select Create and Configure a database for Oracle to install its software and create the database and then Select Next > :





On the System Class Category Select the Server Class option if you are installing it on a server Machine:



On the Grid Option select the Single Instance Database Installation then Select Next >>




On the Install type Select the Advanced Install type and then Select Next >>





On the Product Languages select English and then proceed by selecting Next >>



On the Database Editions select the Enterprise Edition then Select Next >>





In the Installation Location Folder make sure you specify the ORACLE_HOME and ORACLE_BASE Location as specified during redhat preparations:




On the Create Inventory Section leave default selections and then select Next:




On the Configuration Type select the General Purpose /Transaction Processing option then select Next >>




On the Database Identifiers, provide your database name as you prefer, for me I will leave its default name as ORCL :


On the Configuration Option Leave every option default but Select the Sample Schema Tab and ensure that create database with Sample schema is selected and then proceed by selecting Next >>






On the Management Option Leave the Default Option and then Select Next >>




On the Database Storage Section, make selection of the File System and ensure the path to where the datafiles will be stored is properly specified :



On the Backup and Recovery Option, Leave the Option of Do Not Enable Automated Backups since it’s among the modules that we will look on how we can do Backups and Recovery:



On the Schema Password, since we are in the Learning Environment and not in the Production Environment make selection of the use the same password for all accounts:




On the Operating System Groups leave the default options and proceed by selecting Next >>





After that the Computer will be performing a prerequisite check before beginning installation then select Finish for Oracle to Begin Installation:








After the Installation of the Oracle Software and the Creation of the Database, the Database Configuration will bring out the Below Dialog Box ,  
Select the Password Management button and unlock the Users HR and SCOTT by unticking their selection and providing the password you desire and then Select OK:








After that Oracle will bring up the Execute Configuration Scripts dialog, which requires you to open another terminal, log in as root and run those scripts:




After running the scripts as shown on the terminal above, return to the Execute Configuration Scripts dialog and select OK; the screen will then be as shown below:






After all that close all the windows and open another Terminal to add some of the Variables on the .bashrc file located at the Oracle’s home folder:



After doing all that you can now Connect to the Database using SQLPLUS as shown below : 




For more Information on how you prepare your linux machine before installing Oracle 11G Release 2 go to the Link Below : 
http://docs.oracle.com/cd/E11882_01/install.112/e47689/pre_install.htm#LADBI1110