| Oracle® Database Vault Release Notes 10g Release 2 (10.2.0.2) for Linux Part Number B28934-01 |
|
| View PDF |
| Oracle® Database Vault Release Notes 10g Release 2 (10.2.0.2) for Linux Part Number B28934-01 |
|
| View PDF |
Release Notes
10g Release 2 (10.2.0.2) for Linux
B28934-01
June 2006
These Release Notes describe issues you may encounter with Oracle Database Vault 10g Release 2 (10.2.0.2). Oracle Database Vault is installed using the Oracle Universal Installer (OUI). Silent installation using a response file is not supported. The Oracle Database Vault installation is covered in detail in the Oracle Database Vault Installation Guide.
|
Note: Oracle Database Vault (10.2.0.2) has been released for Red Hat Enterprise Linux 3.0 (Update 3 or later). It would be later released for Solaris 9, Solaris 10, and SUSE Linux Enterprise Server 9.0. |
This document may be updated after it is released. To check for updates to this document and to view other Oracle documentation, see the Documentation section on the Oracle Technology Network (OTN) Web site:
http://www.oracle.com/technology/documentation/
This document contains the following sections:
This section describes the known issues pertaining to installation.
Bug 5109473
Having installed 10.2.0.2 CRS on a two node cluster, and having installed a single node RAC Database, then having run RAChome/oui/bin/addNode.sh to add a node to the second node, then having run NETCA to add a listener on the second node, then while running DBCA to add an instance onto the second node, the following warning prompt displays:
Enterprise manager configuration failed due to the following error - Database instance unavailable. Refer to the log file at /scratch/aime/102DV/060315/d1/dvn3/cfgtoollogs/dbca/dvn3/emConfig.log for more details. You can retry configuring this database with Enterprise Manager later by manually running /scratch/aime/102DV/060315/d1/dvn3/bin/emca script.
When you perform a crs_stat -t command, you will see that the instance of the second node is not up.
When you inspect the contents of the emConfig.log file, you will see a log entry similar to the following entry:
Mar 21, 2006 4:38:55 PM oracle.sysman.emcp.util.GeneralUtil initSQLEngine CONFIG: ORA-01031: insufficient privileges oracle.sysman.assistants.util.sqlEngine.SQLFatalErrorException: ORA-01031: insufficient privileges .... SEVERE: Database instance unavailable. Refer to the log file at /scratch/aime/102DV/060315/d1/dvn3/cfgtoollogs/dbca/dvn3/emConfig.log for more details. Mar 21, 2006 4:38:55 PM oracle.sysman.emcp.EMConfig perform CONFIG: Stack Trace: oracle.sysman.emcp.exception.EMConfigException: Database instance unavailable.
This is a problem with DBCA not passing a required privilege to EMCP when the user is not OS-authenticated while performing an add instance, delete instance, delete database, or configure database operation.
Use the following workaround for this bug:
Disable Database Vault.
Perform the Add Node operations.
Enable Database Vault.
|
See Also:
|
Bug 5258820
Running Database Vault Configuration Assistant (DVCA) manually, after creating a new database in the Database Vault home, fails if the Oracle System Identifier (SID) for the database is longer than 8 characters.
The following steps reproduce the bug:
Use Database Configuration Assistant (DBCA) to create a new database in an existing Database Vault home.
Run DVCA on the newly created database:
$ORACLE_HOME/bin/dvca -action option -oh oracle_home -jdbc_str jdbc_connection_string -sys_passwd SYS_password -owner_account DV_owner_account_name -owner_passwd DV_owner_account_password [-acctmgr_account DV_account_manager_account_name] [-acctmgr_passwd DV_account_manager_password] [-logfile ./dvca.log] [-silent] [-nodecrypt][-lockout] [-languages {["en"],["de"],["es"],["fr"],["it"],["ja"],["ko"],["pt_BR"],["zh_CN"],["zh_TW"]}]
|
See Also: Oracle Database Vault Installation Guide for more information on running the DVCA command. |
The reason for the bug is that the Oracle Net service name in the tnsnames.ora ($ORACLE_HOME/network/admin/tnsnames.ora) file is truncated to 8 characters.
The workaround for the bug is to change the truncated Net service name in the tnsnames.ora file to it's correct value. For example, say the SID for the database is ORACLEDB90, and the entry in tnsnames.ora appears as:
ORACLEDB = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST ....
Replace the truncated entry in the tnsnames.ora file with the correct entry:
ORACLEDB90 = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST ....
Bug 5295609
If the Database Vault installation is launched from an Oracle Real Application Clusters (RAC) node that does not contain a database instance, then the installation fails. For example, if a RAC installation contains two nodes, and only one of the nodes has a database instance, then you cannot launch the Database Vault installer from the node that does not have the database instance.
The workaround is to launch the Database Vault installer from a node that has a database instance. Alternatively, you can create a database instance on the node from which you wish to launch the Database Vault installation.
Bug 5334101
When installing a new custom database in an existing Database Vault home using Database Configuration Assistant (DBCA), the installation fails with the following error:
ORA-00604: error occurred at recursive SQL level 1 ORA-01031: insufficient privileges ORA-06512: at "XDB.DBMS_XDB", line 73 ORA-06512: at line 319
The workaround is to disable Database Vault before installing a custom database in an existing Database Vault home. Reenable Database Vault after installing the database.
|
See Also: Oracle Database Vault Administrator's Guide for more information on enabling and disabling Database Vault. |
Bug 5247408
When installing Oracle Database Vault using Oracle Universal Installer (OUI), the Select Existing Database screen and the associated help screen list an incorrect set of prerequisites. The existing database into which Oracle Database Vault is installed must have the following components installed:
Oracle Label Security (OLS) version 10.2.0.2.0
Oracle Enterprise Manager Console DB 10.2.0.2.0
|
See Also: Oracle Database Vault Installation Guide for a complete list of preinstallation requirements |
This section covers some of the frequently asked questions related to Database Vault installation. Oracle Database Vault installation is covered in detail in the Oracle Database Vault Installation Guide .
The installer does not detect my existing Oracle Database Enterprise Edition 10g Release 2 (10.2.0.2) instance. What should I do?
To allow the installer to find the database instance information, you should check the following:
The database home has Oracle Enterprise Manager Console DB 10.2.0.2.0 installed.
/etc/oratab has an entry for the database.
All database names listed in /etc/oratab have unique system identifier (SID) names.
The file, /etc/oraInst.loc exists.
The oraInventory location is set in the /etc/oraInst.loc file.
The oraInventory location set in /etc/oraInst.loc is the same as the 10.2.0.2 Enterprise Edition database's oraInventory location.
The 10.2.0.2 database home does not have Oracle Database Vault in it.
The 10.2.0.2 database home does not contain an Automatic Storage Management (ASM) instance.
I have installed Oracle Database Vault into an Oracle home that has multiple databases. How do I secure the other databases in the Oracle home?
You would need to run Database Vault Configuration Assistant (DVCA) manually on the other databases. Refer to the Oracle Database Vault Installation Guide for detailed instructions.
I have installed Oracle Database Vault on a Real Application Clusters (RAC) database instance. How do I secure the other nodes in the cluster?
You need to run DVCA manually on the other RAC nodes. Refer to the Oracle Database Vault Installation Guide for detailed instructions.
You can manually deploy Database Vault Administrator (DVA) to the following Oracle Application Server Containers for J2EE (OC4J) home:
$ORACLE_HOME/oc4j/j2ee/home
Use the following steps to manually deploy the DVA application:
Edit the file, $ORACLE_HOME/oc4j/j2ee/home/config/server.xml. Enter the following line just before the last line that reads, </application-server>:
<application name="dva" path="$ORACLE_HOME/dv/jlib/dva_webapp.ear" auto-start="true" />
For example:
<application name="dva" path="/u00/app/oracle/oracle/product/dv12/dv/jlib/dva_webapp.ear" auto-start="true" />
Edit the file, $ORACLE_HOME/oc4j/j2ee/home/config/http-web-site.xml. Enter the following line just above the last line that reads, </web-site>:
<web-app application="dva" name="dva_webapp" root="/dva" />
Edit the file, $ORACLE_HOME/oc4j/j2ee/home/config/global-web-application.xml. Search for <servlet-class>oracle.jsp.runtimev2.JspServlet</servlet-class>. Uncomment the following lines after this:
<init-param> <param-name>main_mode</param-name> <param-value>justrun</param-value> </init-param>
Create the directory, $ORACLE_HOME/dv/jlib/sysman/config.
mkdir -p $ORACLE_HOME/dv/jlib/sysman/config
Create the database connection configuration file, emoms.properties, in the configuration directory that you just created. Add the following lines to the file:
oracle.sysman.emSDK.svlt.ConsoleMode=standalone oracle.sysman.eml.mntr.emdRepRAC=FALSE oracle.sysman.eml.mntr.emdRepDBName=ORACLE_SID oracle.sysman.eml.mntr.emdRepConnectDescriptor=TNS_connection_string
|
Note:
|
Start OC4J. Before starting OC4J, ensure that the correct environment variables are set. For example :
ORACLE_SID=orcl export ORACLE_SID ORACLE_HOME=/u00/app/oracle/product/10.2/dv export ORACLE_HOME LD_LIBRARY_PATH=$ORACLE_HOME/bin:$ORACLE_HOME/lib:$ORACLE_HOME/jdbc/lib export LD_LIBRARY_PATH PATH=$ORACLE_HOME/bin:$ORACLE_HOME/jdk/bin:$PATH export PATH
|
Note: LD_LIBRARY_PATH must be set to use the OCI-based JDBC libraries. |
Start OC4J using the following syntax:
${ORACLE_HOME}/jdk/bin/java -Djava.awt.headless=true -DEMDROOT=$ORACLE_HOME/dv/jlib -jar ${ORACLE_HOME}/oc4j/j2ee/home/oc4j.jar -userThreads -config ${ORACLE_HOME}/oc4j/j2ee/home/config/server.xml
You can now access the DVA application. The HTTP port defaults to 8888 for this environment. Use the following URL:
http://hostname:8888/dva
The Database Vault Configuration Assistant (DVCA) command syntax for enabling and disabling Oracle Database Vault is incorrect in Appendix B of the Oracle Database Vault Administrator's Guide.
The correct command to enable Oracle Database Vault is as follows:
$ORACLE_HOME/bin/dvca -silent -action enable -service service_name -sys_passwd SYS_password -owner_account DV_owner_account_name -owner_passwd owner_password -nodecrypt [-logfile ./dvca.log]
Where:
silent: Required if you are not running DVCA in an xterm window
action: The action to perform. enable enables Oracle Database Vault. disable disables Oracle Database Vault.
service: The alias for a connection in the tnsnames.ora file. Used to connect to a listener/database. For example, orcl.
sys_passwd: Password for user SYS
owner_account: Oracle Database Vault Owner account name
owner_passwd: Oracle Database Vault owner account password
nodecrypt: Reads plaintext passwords as passed on the command line. You must use this option if you are passing plaintext passwords to the command.
logfile: Optionally, specify a log file name and location. You can enter an absolute path or a path that is relative to the location of the $ORACLE_HOME/bin directory.
The correct command to disable Oracle Database Vault is as follows:
$ORACLE_HOME/bin/dvca -silent -action disable -service service_name -sys_passwd SYS_password -owner_account DV_owner_account_name -owner_passwd owner_password -nodecrypt [-logfile ./dvca.log]
|
Note: You need to set the appropriate environment variables for Oracle products before running the DVCA utility. |
Our goal is to make Oracle products, services, and supporting documentation accessible, with good usability, to the disabled community. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Accessibility standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For more information, visit the Oracle Accessibility Program Web site at
http://www.oracle.com/accessibility/
Accessibility of Code Examples in Documentation
Screen readers may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, some screen readers may not always read a line of text that consists solely of a bracket or brace.
Accessibility of Links to External Web Sites in Documentation
This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites.
TTY Access to Oracle Support Services
Oracle provides dedicated Text Telephone (TTY) access to Oracle Support Services within the United States of America 24 hours a day, seven days a week. For TTY support, call 800.446.2398.
Oracle Database Vault Release Notes 10g Release 2 (10.2.0.2) for Linux
B28934-01
Copyright © 2006, Oracle. All rights reserved.
The Programs (which include both the software and documentation) contain proprietary information; they are provided under a license agreement containing restrictions on use and disclosure and are also protected by copyright, patent, and other intellectual and industrial property laws. Reverse engineering, disassembly, or decompilation of the Programs, except to the extent required to obtain interoperability with other independently created software or as specified by law, is prohibited.
The information contained in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. This document is not warranted to be error-free. Except as may be expressly permitted in your license agreement for these Programs, no part of these Programs may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose.
If the Programs are delivered to the United States Government or anyone licensing or using the Programs on behalf of the United States Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the Programs, including documentation and technical data, shall be subject to the licensing restrictions set forth in the applicable Oracle license agreement, and, to the extent applicable, the additional rights set forth in FAR 52.227-19, Commercial Computer Software--Restricted Rights (June 1987). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.
The Programs are not intended for use in any nuclear, aviation, mass transit, medical, or other inherently dangerous applications. It shall be the licensee's responsibility to take all appropriate fail-safe, backup, redundancy and other measures to ensure the safe use of such applications if the Programs are used for such purposes, and we disclaim liability for any damages caused by such use of the Programs.
Oracle, JD Edwards, PeopleSoft, and Siebel are registered trademarks of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
The Programs may provide links to Web sites and access to content, products, and services from third parties. Oracle is not responsible for the availability of, or any content provided on, third-party Web sites. You bear all risks associated with the use of such content. If you choose to purchase any products or services from a third party, the relationship is directly between you and the third party. Oracle is not responsible for: (a) the quality of third-party products or services; or (b) fulfilling any of the terms of the agreement with the third party, including delivery of products or services and warranty obligations related to purchased products or services. Oracle is not responsible for any loss or damage of any sort that you may incur from dealing with any third party.
