Tuesday, June 30, 2009

ASM and BBED

As I mentioned in my previous post I make some research with ASM and Oracle block edit.
Please find my short paper about that. This version doesn't include a table protected via Oracle Vault.

If you have any remarks please don't hesitate and drop me a mail.

regards,
Marcin

Wednesday, June 24, 2009

High CPU after DB Console start in 11g

Hi,

If you have a problem with Oracle sessions taking a high CPU load in 11g after you start a DB Console check if any of these session is executing following query:

SELECT EXECUTION_ID, STATUS, STATUS_DETAIL FROM MGMT_JOB_EXEC_SUMMARY
WHERE JOB_ID = :B3 AND
TARGET_LIST_INDEX = :B2 AND EXPECTED_START_TIME = :B1

If yes, you can fix it using that steps:

  1. stop DB Console

    emctl stop dbconsole

  2. connect as sysman using SQL*Plus execute both procedures

    SQL> execute MGMT_PAF_UTL.STOP_DAEMON;
    SQL> execute MGMT_PAF_UTL.START_DAEMON;

  3. Start DB Console

    emctl start dbconsole
This is reported as bug number 7182962

Marcin

Strange DataGuard behaviour

I have been tested a new features of 11g Data Guard. During that I have change a database protection mode into Maximum Protection
and after that make some test with startup and shutdown of both databases.
As expected when primary database was online I have got following error on console and warning in alert.log

SQL> shutdown immediate
ORA-01154: database busy. Open, close, mount, and dismount not allowed now

Alert.log
Attempt to shut down Standby Database
Standby Database operating in NO DATA LOSS mode
Detected primary database alive, shutdown primary first, shutdown aborted

That’s expected results. But in next test case when I shutdown a primary database I still got that same error !

SQL> shutdown immediate
ORA-01154: database busy. Open, close, mount, and dismount not allowed now

I have rerun disabling command for recovery process and checked if recovery mode is disabled

SQL>ALTER DATABASE RECOVER MANAGED STANDBY DATABASE CANCEL;
Database altered.
SQL> SELECT RECOVERY_MODE FROM V$ARCHIVE_DEST_STATUS;

RECOVERY_MODE
-----------------------
IDLE
IDLE
IDLE
IDLE
IDLE
IDLE
IDLE
IDLE
IDLE
IDLE
IDLE

11 rows selected.

Hmmm .... of course I can shutdown that database using abort but I don’t want to.
Let’s check what else can prevent database to shutdown – a little check what processes are running and EUREKA – dataguard broker is still running. So:

SQL> alter system set dg_broker_start=FALSE scope=memory;
System altered.

SQL> shutdown immediate
ORA-01109: database not open
Database dismounted.
ORACLE instance shut down.
SQL>

Uffff .....
Other question is why ? If primary database was down, standby database should be stopped without any other circumstances.

regards,
Marcin

Wednesday, June 17, 2009

ASM and RedHat 5

I’m really angry on me because I spend another 30 min fighting with problem which I have already solved several times. Oracle ASMLib is looking for a disks using /dev/dm-* devices which are not created by default in Red Hat 5. But if you manually map any device as Oracle ASM disk it will be working until next reboot.

So if after reboot in Red Hat 5 your ASM disks disappear check if you done following things:

  • Comment line in /etc/udev/rules.d/ 90-dm.rules

  • #KERNEL=="dm-[0-9]*", ACTION=="add", OPTIONS+="ignore_device"

    it creates a /dev/dm-* devices after system reboot


  • Check in /etc/sysconfig/oracleasm if disk are not excluded

    # ORACLEASM_ENABELED: 'true' means to load the driver on boot.
    ORACLEASM_ENABLED=true
    # ORACLEASM_UID: Default user owning the /dev/oracleasm mount point.
    ORACLEASM_UID=oracle
    # ORACLEASM_GID: Default group owning the /dev/oracleasm mount point.
    ORACLEASM_GID=oinstall
    # ORACLEASM_SCANBOOT: 'true' means scan for ASM disks on boot.
    ORACLEASM_SCANBOOT=true
    # ORACLEASM_SCANORDER: Matching patterns to order disk scanning
    ORACLEASM_SCANORDER=""
    # ORACLEASM_SCANEXCLUDE: Matching patterns to exclude disks from scan
    ORACLEASM_SCANEXCLUDE=""

  • Check a file privileges


After that you should see your ASM disks.

Regards,
Marcin

Tuesday, June 16, 2009

BBED and Oracle Vault

Hi,

I was always wondering how much Oracle Vault is preventing your data to avoid unauthorized accesses by DBA. To be honest I didn’t dig into Oracle code looking for security hole but after I recall about Block Editor I decided to try that tool.

And it is working – I was able to read a data from data file based on file system without any problem. OK there was some work to do like find out a block number and so on but it wasn’t really hard.

After that I tried to use BBED on ASM based file but without luck, but I’m a person who don’t give up so easy. I was thinking about some RMAN copy and it is required a additional disk space and we can deal only with copy of running DB. I have research a internet and I have found amazing stuff about ASM - Luca Canali web site - I read it and I found a solution how to read a data from running DB. It is possible to read a block from ASM into file system, edit it and copy back into running DB. Oracle Vault as expected didn’t recognize that block has been edited.

So is it a possibility to protect data ? In my opinion data encryption is a good choice until someone don’t find a way how to encrypt and decrypt it ;)

Working example of my work should be here in a few days.

regards,
Marcin

Monday, June 8, 2009

BBED - Oracle Block Editor

Hi,

I just found that paper about Oracle Block Editor (BBED) in my old ebook directory.
It can be very useful but very dangerous too. Please read that document very careful
and never try it on production database.

Here is a link to that paper.

regards,
Marcin