powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1055 Commits
1 Branch
0 Tags
390 MiB
 
 
 
 
 
 
Tree: 260568e7ec
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '260568e7ec'
${ noResults }
base/SOURCES/bz1232376-oracle-agent-upda...

246 lines
7.3 KiB
Raw Blame History

diff --git a/heartbeat/oracle b/heartbeat/oracle
index 5ecc2f3..c629eb6 100755
--- a/heartbeat/oracle
+++ b/heartbeat/oracle
@@ -27,6 +27,9 @@
# OCF_RESKEY_ipcrm (optional; defaults to "instance")
# OCF_RESKEY_clear_backupmode (optional; default to "false")
# OCF_RESKEY_shutdown_method (optional; default to "checkpoint/abort")
+# OCF_RESKEY_monuser (optional; defaults to "OCFMON")
+# OCF_RESKEY_monpassword (optional; defaults to "OCFMON")
+# OCF_RESKEY_monprofile (optional; defaults to "OCFMONPROFILE")
#
# Initialization:
@@ -56,6 +59,11 @@ oracle_usage() {
!
}
+# Defaults
+OCF_RESKEY_monuser_default="OCFMON"
+OCF_RESKEY_monpassword_default="OCFMON"
+OCF_RESKEY_monprofile_default="OCFMONPROFILE"
+
oracle_meta_data() {
cat <<END
<?xml version="1.0"?>
@@ -100,6 +108,39 @@ If this does not work for you, just set it explicitely.
<content type="string" default="" />
</parameter>
+<parameter name="monuser" unique="0">
+<longdesc lang="en">
+Monitoring user name. Every connection as
+sysdba is logged in an audit log. This can
+result in a large number of new files created.
+A new user is created (if it doesn't exist) in
+the start action and subsequently used in monitor.
+It should have very limited rights. Make sure
+that the password for this user does not expire.
+</longdesc>
+<shortdesc lang="en">monuser</shortdesc>
+<content type="string" default="$OCF_RESKEY_monuser_default" />
+</parameter>
+
+<parameter name="monpassword" unique="0">
+<longdesc lang="en">
+Password for the monitoring user. Make sure
+that the password for this user does not expire.
+</longdesc>
+<shortdesc lang="en">monpassword</shortdesc>
+<content type="string" default="$OCF_RESKEY_monpassword_default" />
+</parameter>
+
+<parameter name="monprofile" unique="0">
+<longdesc lang="en">
+Profile used by the monitoring user. If the
+profile does not exist, it will be created
+with a non-expiring password.
+</longdesc>
+<shortdesc lang="en">monprofile</shortdesc>
+<content type="string" default="$OCF_RESKEY_monprofile_default" />
+</parameter>
+
<parameter name="ipcrm" unique="0">
<longdesc lang="en">
Sometimes IPC objects (shared memory segments and semaphores)
@@ -216,7 +257,7 @@ execsql() {
if [ "$US" = "$ORACLE_OWNER" ]; then
sqlplus -S /nolog
else
- su - $ORACLE_OWNER -c ". $ORA_ENVF; sqlplus -S /nolog"
+ su - $ORACLE_OWNER -s /bin/sh -c ". $ORA_ENVF; sqlplus -S /nolog"
fi
}
@@ -250,7 +291,7 @@ dbasql() {
runsql "connect / as sysdba" $*
}
monsql() {
- runsql "connect $MONUSR/$MONUSR" $*
+ runsql "connect $MONUSR/\"$MONPWD\"" $*
}
# use dbasql_one if the query should result in a single line output
# at times people stuff commands in oracle .profile
@@ -325,22 +366,73 @@ getipc() {
echo "oradebug tracefile_name"
echo "oradebug ipc"
}
+show_mon_profile() {
+ echo "select PROFILE from dba_profiles where PROFILE='$MONPROFILE';"
+}
+mk_mon_profile() {
+ cat<<EOF
+create profile $MONPROFILE limit FAILED_LOGIN_ATTEMPTS UNLIMITED PASSWORD_LIFE_TIME UNLIMITED;
+EOF
+}
show_mon_user() {
echo "select USERNAME, ACCOUNT_STATUS from dba_users where USERNAME='$MONUSR';"
}
mk_mon_user() {
cat<<EOF
-create user $MONUSR identified by $MONUSR;
+create user $MONUSR identified by "$MONPWD" profile $MONPROFILE;
grant create session to $MONUSR;
grant select on v_\$instance to $MONUSR;
EOF
}
-check_mon_user() {
+show_mon_user_profile() {
+ echo "select PROFILE from dba_users where USERNAME='$MONUSR';"
+}
+set_mon_user_profile() {
+ echo "alter user $MONUSR profile $MONPROFILE;"
+}
+reset_mon_user_password() {
+ echo "alter user $MONUSR identified by $MONPWD;"
+}
+check_mon_profile() {
local output
- dbasql show_mon_user | grep -w "^$MONUSR" >/dev/null &&
+ output=`dbasql show_mon_profile`
+ if echo "$output" | grep -iw "^$MONPROFILE" >/dev/null; then
return 0
+ fi
+ output=`dbasql mk_mon_profile show_mon_profile`
+ if echo "$output" | grep -iw "^$MONPROFILE" >/dev/null; then
+ return 0
+ else
+ ocf_log err "could not create $MONPROFILE oracle profile"
+ ocf_log err "sqlplus output: $output"
+ return 1
+ fi
+}
+check_mon_user() {
+ local output
+ local output2
+
+ output=`dbasql show_mon_user`
+ if echo "$output" | grep -iw "^$MONUSR" >/dev/null; then
+ if echo "$output" | grep -w "EXPIRED" >/dev/null; then
+ dbasql reset_mon_user_password
+ fi
+ output=`dbasql show_mon_user_profile`
+ if echo "$output" | grep -iw "^$MONPROFILE" >/dev/null; then
+ return 0
+ else
+ output=`dbasql set_mon_user_profile`
+ output2=`dbasql show_mon_user_profile`
+ if echo "$output2" | grep -iw "^$MONPROFILE" >/dev/null; then
+ return 0
+ fi
+ ocf_log err "could not set profile for $MONUSR oracle user"
+ ocf_log err "sqlplus output: $output( $output2 )"
+ return 1
+ fi
+ fi
output=`dbasql mk_mon_user show_mon_user`
- if echo "$output" | grep -w "^$MONUSR" >/dev/null; then
+ if echo "$output" | grep -iw "^$MONUSR" >/dev/null; then
return 0
else
ocf_log err "could not create $MONUSR oracle user"
@@ -417,7 +509,7 @@ ipcdesc() {
}
rmipc() {
local what=$1 id=$2
- ipcs -$what | filteroraipc | grep -w $id >/dev/null 2>&1 ||
+ ipcs -$what | filteroraipc | grep -iw $id >/dev/null 2>&1 ||
return
ocf_log info "Removing `ipcdesc $what` $id."
ipcrm -$what $id
@@ -447,6 +539,8 @@ is_proc_running() {
# instance in OPEN state?
instance_live() {
local status=`monsql_one dbstat`
+ [ "$status" = OPEN ] && return 0
+ status=`dbasql_one dbstat`
if [ "$status" = OPEN ]; then
return 0
else
@@ -473,7 +567,7 @@ ora_cleanup() {
}
oracle_getconfig() {
- ora_common_getconfig "$OCF_RESKEY_sid" "$OCF_RESKEY_home" "$OCF_RESKEY_user" "$OCF_RESKEY_tns_admin"
+ ora_common_getconfig "$OCF_RESKEY_sid" "$OCF_RESKEY_home" "$OCF_RESKEY_user"
clear_backupmode=${OCF_RESKEY_clear_backupmode:-"false"}
shutdown_method=${OCF_RESKEY_shutdown_method:-"checkpoint/abort"}
@@ -493,7 +587,7 @@ oracle_getconfig() {
oracle_start() {
local status output
if is_proc_running; then
- status="`monsql_one dbstat`"
+ status="`dbasql_one dbstat`"
case "$status" in
"OPEN")
: nothing to be done, we can leave right now
@@ -541,6 +635,11 @@ oracle_start() {
fi
output=`dbasql dbopen`
+ # check/create the monitor profile
+ if ! check_mon_profile; then
+ return $OCF_ERR_GENERIC
+ fi
+
# check/create the monitor user
if ! check_mon_user; then
return $OCF_ERR_GENERIC
@@ -650,7 +749,12 @@ show_procs() {
proc_pids() { show_procs | awk '{print $1}'; }
PROCS_CLEANUP_TIME="30"
-MONUSR="OCFMON"
+MONUSR=${OCF_RESKEY_monuser:-$OCF_RESKEY_monuser_default}
+MONPWD=${OCF_RESKEY_monpassword:-$OCF_RESKEY_monpassword_default}
+MONPROFILE=${OCF_RESKEY_monprofile_default:-$OCF_RESKEY_monprofile_default}
+
+MONUSR=$(echo $MONUSR | awk '{print toupper($0)}')
+MONPROFILE=$(echo $MONPROFILE | awk '{print toupper($0)}')
OCF_REQUIRED_PARAMS="sid"
OCF_REQUIRED_BINARIES="sqlplus"
ocf_rarun $*
diff --git a/heartbeat/oralsnr b/heartbeat/oralsnr
index 2409017..a91eeab 100755
--- a/heartbeat/oralsnr
+++ b/heartbeat/oralsnr
@@ -158,7 +158,7 @@ runasdba() {
(
echo ". $ORA_ENVF"
cat
- ) | su - $ORACLE_OWNER
+ ) | su -s $SH - $ORACLE_OWNER
fi
}
@@ -268,7 +268,7 @@ oralsnr_validate_all() {
# used in ora-common.sh
show_procs() {
ps -e -o pid,user,args |
- grep '[t]nslsnr' | grep -w "$listener" | grep -w "$ORACLE_OWNER"
+ grep '[t]nslsnr' | grep -i -w "$listener" | grep -w "$ORACLE_OWNER"
}
proc_pids() { show_procs | awk '{print $1}'; }
PROCS_CLEANUP_TIME="10"