Durham Oracle

Oracle OEM 13.5

Not going to spend an age on this, just to say 13.5 is now available - a lot of information on the web already :

https://www.markusdba.net/2021/04/10/upgrade-enterprise-manager-cloud-control-to-13-5/

Going to upgrade my "sandbox" OEM to 13.5 and will post on that instead.

Recently moved to 13.4 - mainly as the Adobe Flash end of support was at the end of 2020.

The migration from 13.2 to 13.4 was pretty painless but did hit a problem when moving the agents.

EM 13c: OMS Communication to all Agents Failing with "[handshake has no peer]" but Agents are able to Upload Successfully to the OMS (Doc ID 2381313.1

/u02/app/oracle/middleware2/oracle_common/jdk/jre/lib/security

Was

# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048

jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \

EC keySize < 224, 3DES_EDE_CBC, anon, NULL

As per the doc from the original 13.2 version - this works

# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048

jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 768

Not exactly sure what “revert back the changes made to disable the MD5withRSA algorithm” – I read it as per 13.2 ?

After a stop / start of OMS it was then ok.

Hopefully 13.5 should be easy enough - not entirely sure what advantages over 13.4 but we will see.

Oracle New Features

This is an excellent video on probably the two big features going forward with Oracle 19.

Planning to run some Oracle 19 installations and patch at the same time and use the read only feature of the Oracle Home. Will post updates and let you know how I get on but in the meantime suggest you watch this video.

Oracle Cloud new instance

I wanted a new test environment so re-created two instances on the always free option for the Oracle Cloud Infrastructure.

Two things which I could not remember from the last time I did this was that the private key that you download when creating the instance, when you use login vi putty you hit an error.

Basically the private key from OCI, the putty application does not like it, so you have to import and change it to a version that it does. Just need puttygen.

https://www.puttygen.com/convert-pem-to-ppk

Or from the command line -

$ puttygen ssh-key-test.key -o private -o ssh-key-test.ppk

just use the OCI generated key and change it to .ppk as above.

I tend to follow the notes from the excellent Oracle Base website to install Oracle but when using MobaXterm to run say the graphical Oracle Installer, after a fresh build on Oracle OCI instance you need to change the X11UseLocalhost parameter. Worth changing this to use password authentication at the same time so not dependent on using private keys (this is a test box for me so happy with just a password).

https://docs.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/run-graphical-apps-securely-on-oci.pdf

If you want to install "figlet" which I use quite a lot you need to add this :

sudo rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

https://snapcraft.io/install/figlet/rhel

After succesfully installing oracle 19c (follow the notes from Oracle Base) and fighting 19c with 1gig of memory when trying to connect the two servers needed to add port 1521 -

[root@durdb01 etc]# firewall-cmd --permanent --add-port=1521/tcp

success

[root@durdb01 etc]# firewall-cmd --reload

success

[root@durdb01 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens3
sources:
services: dhcpv6-client ssh
ports: tcp/1521 5556/tcp 9001/tcp 7777/tcp 14021/tcp 5557/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

As OCI always free is limited to 1gig had to set the oracle memory parameters as :

memory_max_target big integer 772M
memory_target big integer 0

Added 8gig of swap - not a lot of memory to play with but then it is free.

Useful link - DataGuard using OCI:

https://docs.oracle.com/en-us/iaas/Content/Database/Tasks/usingdataguard.htm