Preparing a source EBS R12.2 instance for linking
This topic outlines the prerequisites for linking an EBS R12.2 instance to the Delphix Engine.
Ensure your EBS R12.2 instance is supported
See Source EBS R12.2 instance requirements to ensure you can link your EBS R12.2 instance to the Delphix Engine.
Ensure your EBS 12.2 environments comply with Oracle's documentation
Your environments must comply with Oracle's requirements for installing EBS. These requirements are outlined on Oracle E-Business Suite Release 12 Installation Guidelines (Doc ID 405565.1) found at https://support.oracle.com
Prepare the dbTier for linking
Delphix engine's Unix environment requirements
The dbTier must meet the source requirements outlined in Requirements for Unix environments. These requirements are generic to all source Unix environments added to the Delphix Engine.
oracle
user
The Delphix Engine must have access to an oracle
user on the dbTier.
This user should be a member of both the EBS
dba
andoinstall
groups.The user should own the stage directory for DBTechStack and database files that will be cloned.
Ensure that the "expect" utility exists on the remote host.
dbTechStack binary permissions
Verify that the oracle
user described above has read permissions at the group level for:
$ORACLE_HOME/bin/nmb
$ORACLE_HOME/bin/nmhs
$ORACLE_HOME/bin/nmo
The Delphix Engine's Oracle database requirements
The dbTier must meet the source requirements outlined in Oracle support and requirements. These requirements are generic to all Unix environments containing an Oracle database to be linked.
Prepare the appsTier for linking
Delphix Engine's Unix environment requirements
The appsTier must meet the source requirements outlined in Requirements for unix environments. These requirements are generic to all source Unix environments added to the Delphix Engine.
applmgr
user
The Delphix Engine must have access to an applmgr
user on the appsTier.
This user should be a member of the EBS
oinstall
group.The user should own the stage directory for Appstier files that will be cloned.
delphix_os OS user account
In order to separate authentication and perform privileged operations with a non-privileged OS account, first create an OS user account (i.e. "delphix_os") on the EBS DB Tier and appsTier node to be used as a source.
This user is easily created by the createDelphixOSUser.sh (located below on this page) script.
The primary OS group of the Delphix Engine software owner account's (i.e. delphix_os) should be the same as the EBS Database/AppsTier software owner account (i.e. oravis or applmgr).
Primary group = Oracle Install Group (typically oinstall), secondary group = OSDB Group (typically dba). There are lots of cases where the OS group named dba fills this role, so be sure to check the group membership of the EBS Database and AppsTier software owner account.
Please note, the non-privileged OS account must have the same group as assigned to EBS Database or AppsTier privileged account (like oravis or applmgr).
Host requirements:
To accomplish necessary tasks on the EBS Database and appsTier source hosts, the Delphix OS user account (henceforth referred to as "delphix_os") requires privilege elevation specifications.
Here is an example specification for the "sudo" privilege elevation utility, using the "visudo" to edit the "sudoers" configuration file. This specification makes the following assumptions:
OS = Linux
OS account owning Oracle EBS Database Tier is named oravis
OS account owning Oracle EBS appsTier is named applvis
OS = Solaris
OS account owning Oracle EBS Database Tier is named oravis
OS account owning Oracle EBS appsTier is named oravis
EBS Database and appsTier system base directory is /u01/oracle/VIS. This can be prefixed before all the below-mentioned commands to ensure the same are being executed from relevant paths.
The following sudoers entry is only for template purpose. Modify the path in the below sudoers entry with the appropriate binary paths of your environment.
Sudoers entry for Linux -
Entries required for linking via low privileged user (delphix_os): | |
---|---|
EBS DB Tier |
|
EBS appsTier |
|
Sudoers entry for Solaris -
Entries required for linking via low privileged user (delphix_os): | |
---|---|
EBS DB Tier |
|
EBS appsTier |
|
Requirement for privilege elevation script: DLPX_DB_EXEC
In order to elevate privileges from a non-privileged OS account (like delphix_os) to a privileged OS account (like applmgr), we need to push a privilege elevation script (dlpx_db_exec) up into the Delphix virtualization engine to become part of the Delphix common plugin.
Why we need DLPX_DB_EXEC
Some customers want to use low privilege users to perform delphix operations like linking and provisioning. It means their low privilege user should have sudo permissions to execute EBS application and DB related commands. The privilege elevation profile script dlpx_db_exec allows them to execute commands that require superuser privileges on customer source and target machines.
The privilege elevation script dlpx_db_exec can be created or pushed to Delphix Engine using Web API calls, CURL or dxtoolkit.
For steps on creating a Privilege Elevation Profile please refer to CLI Cookbook: How to create or edit a privilege elevation profiles and profile scripts
Content of DLPX_DB_EXEC Privilege Elevation Profile:
#!/bin/sh
#
# Copyright (c) 2018 by Delphix. All rights reserved.
#
# This script allows customization of command execution with an alternate user
# account.
# Arg $1 contains "-u<optional user account>" for the desired user under
# which database commands will be executed.
# By default this argument is ignored and the script is executed as the default
# account.
#
if [[ $1 != -u* ]]; then
echo "Incorrect command line parameters, -u<optional user account> is required as the first parameter"
exit 1
fi
user_id=`echo $1 | sed -e "s/^-u//"`
shift 1
if [[ $user_id != "delphix_os" ]]; then
command=$(printf "%s " "$@")
sudo su - $user_id -c "$command"
else
$@
fi
Below is an example of how we can push privilege elevation script “dlpx_db_exec” on a customer Delphix Engine:
Create a session to Delphix Engine as Delphix os user:
CODEcurl -i -c cookies.txt -X POST -H "Content-Type:application/json" http://<Delphix-Engine>/resources/json/delphix/session -d '{ "version":{ "minor":11, "major":1, "micro": 5, "type":"APIVersion" }, "type":"APISession"}'
Note: The API Version needs to be identified as per the Delphix Engine installed at the customer site.
Login to Delphix Engine as Delphix OS User:
CODEcurl -i -c cookies.txt -b cookies.txt -X POST -H "Content-Type:application/json" http://<Delphix-Engine>/resources/json/delphix/login -d '{ "password":"delphix", "type":"LoginRequest", "target":"DOMAIN", "username":"delphix_admin" }'
Push DLPX_DB_EXEC contents to Delphix Engine:
CODEcurl -i -b cookies.txt -X POST -H "Content-Type:application/json" http://<Delphix-Engine>/resources/json/delphix/host/privilegeElevation/profileScript/HOST_PRIVILEGE_ELEVATION_PROFILE_SCRIPT-7 -d '{ "type": "HostPrivilegeElevationProfileScript", "contents": "#\n# Copyright (c) 2018 by Delphix. All rights reserved.\n#\n\n#\n# This script allows customization of command execution with an alternate user\n# account.\nif [[ $1 != -u* ]]; then\n echo \"Incorrect command line parameters, -u<optional user account> is required as the first parameter\"\n exit 1\nfi\nuser_id=`echo $1 | sed -e \"s\/^-u\/\/\"`\n\nshift 1\nif [[ $user_id != \"delphix_os\" ]]; then\ncommand=$(printf \"%s \" \"$@\")\nsudo su - $user_id -c \"$command\"\nelse\n$@\nfi\n" }'