Base Database Service VM Configuration
The OCI instance created to run the Base Database Service has some configuration details that affect how it can be used with Delphix.
Certain key configuration files are managed by Chef
The following files have a comment at the top indicating that they are managed by Chef, and that local changes will be overwritten:
-
/etc/ssh/sshd_config
-
/etc/sudoers
Delphix cannot recommend that any changes be made to these files as they could be overwritten at any time by OCI cloud automation. Changes to the overall sudoers configuration can still be made by creating configuration files in /etc/sudoers.d. The OCI-provided SSH server must be used as-is since sshd_config has no configuration mechanism equivalent to /etc/sudoers.d.
Only users opc and oracle can login via SSH
The /etc/ssh/sshd_config file has two AllowUsers entries that enable SSH logins for users opc and oracle. No other users are allowed to login via SSH:
~]$ sudo grep AllowUsers /etc/ssh/sshd_config
Delphix normally recommends the creation of a Delphix OS account, but such an account would not be able to access an OCI BDS instance due to Oracle sshd_config. It is possible to use the oracle account as the Delphix OS account with no additional configuration changes. It is also possible to use the opc account as the Delphix OS account, but this requires additional customization (see below).
BDS databases use full Transparent Data Encryption (TDE)
Every database created by OCI has TDE enabled with all tablespaces encrypted, including system tablespaces. All vPDB provisions from a BDS dSource will be TDE-enabled vPDBs.
dSourcing from Base Database Service
By default, the databases created by OCI do not have Block Change Tracking enabled. Delphix recommends that BCT be enabled for faster incremental SnapSyncs. This can be done by running this SQL statement in the source CDB:
alter system enable block change tracking;
Next, you will need to decide which account to use as the Delphix OS account.
Using oracle as the Delphix OS account
The oracle user is the owner of the Oracle Database home, so using this account ensures that many required OS permissions are already in place and no sudoers rights are required. Only two system changes are needed to dSource:
mkdir /u01/app/oracle/delphix_toolkit
Using opc as the Delphix OS account
By default, the opc account is not a member of the oinstall or backupdba groups. The Delphix OS user must be a member of backupdba to perform SnapSync and LogSync, and membership in the oinstall group is strongly recommended for environment discovery. Follow these steps to allow opc to function as the Delphix OS user for dSourcing:
sudo usermod -aG oinstall,backupdba opc
sudo mkdir /u01/app/oracle/delphix_toolkit
sudo chown opc:oinstall /u01/app/oracle/delphix_toolkit
dSourcing OCI BDS databases
Once the OCI BDS environment has been added, the Continuous Data engine will attempt automatic discovery of Oracle homes, listeners and databases. Note that automatic discovery will be limited If using the opc account without oinstall membership, and other configuration steps may be required. Refer to the Continuous Data documentation on source host requirements for more information.
Provided that Oracle homes and databases have been automatically discovered, or manually added as needed, databases can now be dSourced by following the steps outlined in the Continuous Data documentation on linking Oracle data sources. Once dSourced, virtual databases can be provisioned normally by following the documented steps for provisioning.