Monitoring a Database with Enterprise Manager Express - OCI
Monitoring a Database with Enterprise Manager Express - OCI
In this article we will see how we can enable Enterprise Manager Express tool in OCI . EM express console is not enabled on version 18c, 12c database by default. You can enable it using below method on Oracle Cloud Infrastructure. Steps mentioned for 1- and 2-node RAC DB Systems You must also update the security list and iptables for the DB system as well.
When you enable the console, you'll set the port for the console. The procedure below uses port 5500(default or you can choose different port as well in my case i am choosing 5501), but each additional console enabled on the same DB system will have a different port.
To enable the EM Express console for 1 RAC Node
To set the required permissions on a 2-node RAC DB system
To open ports on the DB system
To connect to the EM Express console
When you enable the console, you'll set the port for the console. The procedure below uses port 5500(default or you can choose different port as well in my case i am choosing 5501), but each additional console enabled on the same DB system will have a different port.
To enable the EM Express console for 1 RAC Node
To set the required permissions on a 2-node RAC DB system
To open ports on the DB system
To connect to the EM Express console
1. SSH to the DB system, log in as opc, sudo to the oracle user, and log in to the database as SYS.
sudo su - oracle
. oraenv
<provide the database SID at the prompt>
sqlplus / as sysdba
2. Do one of the following:
To enable the console and set its port, use the following command.
exec DBMS_XDB_CONFIG.SETHTTPSPORT(<port>);
For example:
SQL> exec DBMS_XDB_CONFIG.SETHTTPSPORT(5501);
PL/SQL procedure successfully completed.
select dbms_xdb_config.getHttpsPort() from dual;
3. Return to the operating system by typing exit and then confirm that the listener is listening
on the port:
on the port:
lsnrctl status | grep HTTP
Service should be running.
If you're using a 2-node RAC DB system, you'll need to add read permissions for the asmadmin
group on the wallet directory on both nodes in the system.
1. SSH to one of the nodes in the DB system, log in as opc, sudo to the grid user.
[opc@dbsysHost1 ~]$ sudo su - grid
[grid@dbsysHost1 ~]$ . oraenv
ORACLE_SID = [+ASM1] ?
The Oracle base has been set to /u01/app/grid
2. Get the location of the wallet directory, shown in below bold in the command output.
[grid@dbsysHost1 ~]$ lsnrctl status | grep xdb_wallet
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST= dbsysHost1.sub04061528182.
dbsysapril6.oraclevcn.com)(PORT=5501)) (Security=(my_wallet_directory=
/u01/app/oracle/admin/dbsys12_phx3wm/xdb_wallet))
(Presentation=HTTP)(Session=RAW))
3. Return to the opc user, switch to the oracle user, and change to the wallet directory.
[opc@dbsysHost1 ~]$ sudo su - oracle
[oracle@dbsysHost1 ~]$ cd /u01/app/oracle/admin/dbsys12_phx3wm/xdb_wallet
4. List the directory contents and note the permissions.
[oracle@dbsysHost1 xdb_wallet]$ ls -ltr
total 8
-rw------- 1 oracle asmadmin 3881 Apr 6 16:32 ewallet.p12
-rw------- 1 oracle asmadmin 3926 Apr 6 16:32 cwallet.sso
5. Change the permissions:
[oracle@dbsysHost1 xdb_wallet]$
chmod 640 /u01/app/oracle/admin/dbsys12_phx3wm/xdb_wallet/*
6. Verify that read permissions were added.
[oracle@dbsysHost1 xdb_wallet]$ ls -ltr
total 8
-rw-r----- 1 oracle asmadmin 3881 Apr 6 16:32 ewallet.p12
-rw-r----- 1 oracle asmadmin 3926 Apr 6 16:32 cwallet.sso
7. Important! Repeat the steps above on the other node in the cluster.
- To set the required permissions on a 2-node RAC DB system
If you're using a 2-node RAC DB system, you'll need to add read permissions for the asmadmin
group on the wallet directory on both nodes in the system.
1. SSH to one of the nodes in the DB system, log in as opc, sudo to the grid user.
[opc@dbsysHost1 ~]$ sudo su - grid
[grid@dbsysHost1 ~]$ . oraenv
ORACLE_SID = [+ASM1] ?
The Oracle base has been set to /u01/app/grid
2. Get the location of the wallet directory, shown in below bold in the command output.
[grid@dbsysHost1 ~]$ lsnrctl status | grep xdb_wallet
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST= dbsysHost1.sub04061528182.
dbsysapril6.oraclevcn.com)(PORT=5501)) (Security=(my_wallet_directory=
/u01/app/oracle/admin/dbsys12_phx3wm/xdb_wallet))
(Presentation=HTTP)(Session=RAW))
3. Return to the opc user, switch to the oracle user, and change to the wallet directory.
[opc@dbsysHost1 ~]$ sudo su - oracle
[oracle@dbsysHost1 ~]$ cd /u01/app/oracle/admin/dbsys12_phx3wm/xdb_wallet
4. List the directory contents and note the permissions.
[oracle@dbsysHost1 xdb_wallet]$ ls -ltr
total 8
-rw------- 1 oracle asmadmin 3881 Apr 6 16:32 ewallet.p12
-rw------- 1 oracle asmadmin 3926 Apr 6 16:32 cwallet.sso
5. Change the permissions:
[oracle@dbsysHost1 xdb_wallet]$
chmod 640 /u01/app/oracle/admin/dbsys12_phx3wm/xdb_wallet/*
6. Verify that read permissions were added.
[oracle@dbsysHost1 xdb_wallet]$ ls -ltr
total 8
-rw-r----- 1 oracle asmadmin 3881 Apr 6 16:32 ewallet.p12
-rw-r----- 1 oracle asmadmin 3926 Apr 6 16:32 cwallet.sso
7. Important! Repeat the steps above on the other node in the cluster.
- Opening Ports on the DB System
- 6200 - For Oracle Notification Service (ONS).
- 5500 - For EM Express. 5500 is the default port, but each additional EM Express console enabled on the DB system will have a different port. If you're not sure which port to open for a particular console.
- 1158 - For Enterprise Manager Database Control. 1158 is the default port, but each additional console enabled on the DB system will have a different port. If you're not sure which port to open for a particular console.To open ports on the DB system1. SSH to the DB System.
ssh -i <private_key_path> opc@<db_system_ip_address>
2. Log in as opc and then sudo to the root user.
login as: opc
[opc@dbsys ~]$ sudo su -
3. Save a copy of iptables as a backup.
[root@dbsys ~]# iptables-save > /tmp/iptables.orig
(If necessary, you can restore the original file by using the command
iptables-restore < /tmp/iptables.orig.)
4. Dynamically add a rule to iptables to allow inbound traffic on the console port, as shown
in the following sample. Change the port number and comment as needed.
[root@dbsys ~]# iptables -I INPUT 8 -p tcp -m state --state NEW -m tcp --dport 5501 -j
ACCEPT -m comment --comment "Required for EM Express.”
5. Make sure the rule was added.
[root@dbsys ~]# service iptables status
Save the updated file to /etc/sysconfig/iptables.
[root@dbsys ~]# /sbin/service iptables save
The change takes effect immediately and will remain in effect when the node is rebooted
- To connect to the EM Express console
1. From a web browser, connect to the console using the following URL format:
https://<ip_address:<port>/em
For example, https://129.145.0.164:5500/em
2. Use the DB system's private or public IP address depending on your network configuration.
Use the private IP address to connect to the DB system from your on-premises network, or
from within the virtual cloud network (VCN).
This includes connecting from a host located on-premises connecting through a VPN or
FastConnect to your VCN, or from another host in the same VCN.
3. Use the DB System's public IP address to connect to the system from outside the cloud
(with no VPN). You can find the IP addresses in the Oracle Cloud Infrastructure Console on the
Database page.
A login page is displayed and you can log in with any valid database credentials.
Use system username and password to login.
4.The Database Home page is displayed.
The change takes effect immediately and will remain in effect when the node is rebooted.
You all set to access EM console for OCI Database.
Happy Learning ..
You all set to access EM console for OCI Database.
Happy Learning ..
Comments
Post a Comment