Ksplice for Exadata

Here is detailed how installing online Uptrack fixes on the Exadata Linux Kernel using Oracle Kesplice.

Quick licensing information this option requires “Oracle Linux Premier Support Customers” for all details please visit this link

Exadata Online Linux Kernel Patching

Downloading the Uptrack from linux.oracle.com

If still present remove the exadata-sun.*computenode-exact RPM

yum list installed | grep 'exadata-sun.*computenode-exact'

[root@tvdexa07db01 Ksplice]# yum list installed | grep 'exadata-sun.*computenode-exact' exadata-sun-vm-computenode-exact.noarch [root@tvdexa07db01 Ksplice]#

[root@tvdexa07db01 Ksplice]# yum erase exadata-sun-vm-computenode-exact.noarch Resolving Dependencies --> Running transaction check ---> Package exadata-sun-vm-computenode-exact.noarch 0:19.3.4.0.0.200130-1 will be erased --> Finished Dependency Resolution

Dependencies Resolved

…

Install the Uptrack update

[root@tvdexa07db01 Ksplice]# yum install uptrack-updates-4.14.35-1902.9.2.el7uek.x86_64-20200417-0.noarch.rpm Examining uptrack-updates-4.14.35-1902.9.2.el7uek.x86_64-20200417-0.noarch.rpm: uptrack-updates-4.14.35-1902.9.2.el7uek.x86_64-20200417-0.noarch Marking uptrack-updates-4.14.35-1902.9.2.el7uek.x86_64-20200417-0.noarch.rpm as an update to uptrack-updates-4.14.35-1902.9.2.el7uek.x86_64-20200128-0.noarch Resolving Dependencies --> Running transaction check ---> Package uptrack-updates-4.14.35-1902.9.2.el7uek.x86_64.noarch 0:20200128-0 will be updated ---> Package uptrack-updates-4.14.35-1902.9.2.el7uek.x86_64.noarch 0:20200417-0 will be an update --> Finished Dependency Resolution

Dependencies Resolved

Upgrade 1 Package

Total size: 18 M Is this ok [y/d/N]: y Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Updating : uptrack-updates-4.14.35-1902.9.2.el7uek.x86_64-20200417-0.noarch 1/2 The following steps will be taken: Install [mnnc6fcu] CVE-2019-3016: Privilege escalation in KVM guest paravirtualized TLB flushes. Install [tvgkcphj] Improved fix to CVE-2019-3016: Privilege escalation in KVM guest paravirtualized TLB flushes. Install [bss17slx] CVE-2019-19332: Denial-of-service in KVM cpuid emulation reporting. Install [sl587t78] Missing Non Maskable Interrupts on AMD KVM guests. Install [98393wix] CVE-2016-5244: Information leak in the RDS network protocol. Install [alabfukc] CVE-2019-17666: Remote code execution in Realtek peer-to-peer Wifi. Install [sc77umtr] CVE-2019-0155: Privilege escalation in Intel i915 graphics driver. Install [o8kefoq8] CVE-2019-0154: Denial-of-service in Intel i915 graphics driver. Install [cy9t2fe7] Improved fix to CVE-2019-11135: Side-channel information leak in Intel TSX on late microcode update. Install [3h40qtja] IO hang on block multiqueue device waits. Install [ll4csbbo] CVE-2019-20054: Denial-of-service in procfs sysctl removal. Install [r7vboahq] Deadlock in Reliable Datagram socket connection. Install [pojd20br] Denial-of-service in Reliable Datagram Socket send cancellation. Install [ayrz7nql] CVE-2020-2732: Privilege escalation in Intel KVM nested emulation. Install [e6szjj4l] CVE-2019-14901: Denial-of-service when parsing TDLS action frame in Marvell WiFi-Ex driver. Install [9253ftyr] CVE-2019-15291: Denial-of-service in B2C2 FlexCop driver probing. Install [h6qm8tqh] IO hang in Reliable Datagram Socket remote DMA socket closing. Install [jmo8wvme] Denial-of-service in CIFS POSIX file locks on close. Install [c92mbxy5] CVE-2019-15538: Denial-of-service in XFS filesystem with Quota support enabled. Install [6z2m3403] CVE-2020-7053: Use-after-free when destroying i915 GEM context. Install [c5t3d5fa] NULL dereference while loading userspace I/O driver. Install [8dgt3zi6] CVE-2019-14895: Denial-of-service when receiving Country WLAN element in Marvell WiFi-Ex driver. Install [a4scbw6j] Kernel panic in Infiniband RDMA QP send queues. Install [9m542zj0] Denial-of-service in IPMI device registration. Install [jq0r6r0v] Denial-of-service in Pressure Stall Information cgroup destruction. Install [m5jqkbu3] Denial-of-service in Infiniband pool destruction. Install [miag3lwz] CVE-2019-19338: Missing Intel TAA mitigation in KVM guests. Install [28o9c5jg] CVE-2019-14615: Information leak in Intel i915 generation 9 devices. Install [e9ghelsq] Race condition in crypto initialization causes denial-of-service. Install [8kg2ltrj] Denial-of-service in XFS whiteout renames. Install [djt21tl9] NULL pointer dereference when mounting a GFS2 filesystem. Install [fmlfqa0h] NULL-pointer dereference when driver logs in/out of system. Install [r0hywzwk] Soft lockup in low memory situation due to misused allocator in LPFC. Install [o6ivsuer] Use-after-free due to race condition in LPFC NVME write handling. Install [muzxn90m] Hard lock up when handling aborts for LPFC. Install [297glmum] Soft lockup when multiple threads read /proc/stat simultaneously. Install [p2wsrgbk] Denial-of-service in the batman-adv subsystem. Install [tg92ldhm] Spurious signals during TTY reopen. Install [e6k3gzxq] CVE-2019-18809: Memory leak when identifying state in Afatech AF9005 DVB-T USB1.1 driver. Install [9ccfw3yo] CVE-2019-18806: Memory leak when allocating large buffers in QLogic QLA3XXX Network driver. Install [73fkk23h] Use-after-free when using NFS with page cache. Install [d4thcifo] NULL pointer dereference during UBIFS mount. Install [jdwrgfic] CVE-2020-10942: Out-of-bounds memory access in the Virtual host driver. Install [iizw2yj1] Use-after-free when constructing ERSPAN packet header. Install [221vs9ih] Deadlock when deleting NVMe namespace fails. Install [1outnjhr] Out-of-bounds read when transmitting packet using XFRM.
Install [i6sjtrm9] Point-to-Point Protocol IOCDETACH ioctl causes use-after-free. Install [8grqdp2d] Flawed logic in read/write semaphore implementation causes crash. Install [jsndggsn] System fails to generate vmcore dump after panic. Install [p6dow9c8] CVE-2018-5953: Information leak in software IO TLB driver. Installing [mnnc6fcu] CVE-2019-3016: Privilege escalation in KVM guest paravirtualized TLB flushes. Installing [tvgkcphj] Improved fix to CVE-2019-3016: Privilege escalation in KVM guest paravirtualized TLB flushes. Installing [bss17slx] CVE-2019-19332: Denial-of-service in KVM cpuid emulation reporting. Installing [sl587t78] Missing Non Maskable Interrupts on AMD KVM guests. Installing [98393wix] CVE-2016-5244: Information leak in the RDS network protocol. Installing [alabfukc] CVE-2019-17666: Remote code execution in Realtek peer-to-peer Wifi. Installing [sc77umtr] CVE-2019-0155: Privilege escalation in Intel i915 graphics driver. Installing [o8kefoq8] CVE-2019-0154: Denial-of-service in Intel i915 graphics driver. Installing [cy9t2fe7] Improved fix to CVE-2019-11135: Side-channel information leak in Intel TSX on late microcode update. Installing [3h40qtja] IO hang on block multiqueue device waits. Installing [ll4csbbo] CVE-2019-20054: Denial-of-service in procfs sysctl removal. Installing [r7vboahq] Deadlock in Reliable Datagram socket connection. Installing [pojd20br] Denial-of-service in Reliable Datagram Socket send cancellation. Installing [ayrz7nql] CVE-2020-2732: Privilege escalation in Intel KVM nested emulation. Installing [e6szjj4l] CVE-2019-14901: Denial-of-service when parsing TDLS action frame in Marvell WiFi-Ex driver. Installing [9253ftyr] CVE-2019-15291: Denial-of-service in B2C2 FlexCop driver probing. Installing [h6qm8tqh] IO hang in Reliable Datagram Socket remote DMA socket closing. Installing [jmo8wvme] Denial-of-service in CIFS POSIX file locks on close. Installing [c92mbxy5] CVE-2019-15538: Denial-of-service in XFS filesystem with Quota support enabled. Installing [6z2m3403] CVE-2020-7053: Use-after-free when destroying i915 GEM context. Installing [c5t3d5fa] NULL dereference while loading userspace I/O driver. Installing [8dgt3zi6] CVE-2019-14895: Denial-of-service when receiving Country WLAN element in Marvell WiFi-Ex driver. Installing [a4scbw6j] Kernel panic in Infiniband RDMA QP send queues. Installing [9m542zj0] Denial-of-service in IPMI device registration. Installing [jq0r6r0v] Denial-of-service in Pressure Stall Information cgroup destruction. Installing [m5jqkbu3] Denial-of-service in Infiniband pool destruction. Installing [miag3lwz] CVE-2019-19338: Missing Intel TAA mitigation in KVM guests. Installing [28o9c5jg] CVE-2019-14615: Information leak in Intel i915 generation 9 devices. Installing [e9ghelsq] Race condition in crypto initialization causes denial-of-service. Installing [8kg2ltrj] Denial-of-service in XFS whiteout renames. Installing [djt21tl9] NULL pointer dereference when mounting a GFS2 filesystem. Installing [fmlfqa0h] NULL-pointer dereference when driver logs in/out of system. Installing [r0hywzwk] Soft lockup in low memory situation due to misused allocator in LPFC. Installing [o6ivsuer] Use-after-free due to race condition in LPFC NVME write handling. Installing [muzxn90m] Hard lock up when handling aborts for LPFC. Installing [297glmum] Soft lockup when multiple threads read /proc/stat simultaneously. Installing [p2wsrgbk] Denial-of-service in the batman-adv subsystem. Installing [tg92ldhm] Spurious signals during TTY reopen. Installing [e6k3gzxq] CVE-2019-18809: Memory leak when identifying state in Afatech AF9005 DVB-T USB1.1 driver. Installing [9ccfw3yo] CVE-2019-18806: Memory leak when allocating large buffers in QLogic QLA3XXX Network driver. Installing [73fkk23h] Use-after-free when using NFS with page cache. Installing [d4thcifo] NULL pointer dereference during UBIFS mount. Installing [jdwrgfic] CVE-2020-10942: Out-of-bounds memory access in the Virtual host driver. Installing [iizw2yj1] Use-after-free when constructing ERSPAN packet header. Installing [221vs9ih] Deadlock when deleting NVMe namespace fails. Installing [1outnjhr] Out-of-bounds read when transmitting packet using XFRM. Installing [i6sjtrm9] Point-to-Point Protocol IOCDETACH ioctl causes use-after-free. Installing [8grqdp2d] Flawed logic in read/write semaphore implementation causes crash. Installing [jsndggsn] System fails to generate vmcore dump after panic. Installing [p6dow9c8] CVE-2018-5953: Information leak in software IO TLB driver. Your kernel is fully up to date. Effective kernel version is 4.14.35-1902.301.1.el7uek Cleanup : uptrack-updates-4.14.35-1902.9.2.el7uek.x86_64-20200128-0.noarch 2/2 Verifying : uptrack-updates-4.14.35-1902.9.2.el7uek.x86_64-20200417-0.noarch 1/2 Verifying : uptrack-updates-4.14.35-1902.9.2.el7uek.x86_64-20200128-0.noarch 2/2

Updated: uptrack-updates-4.14.35-1902.9.2.el7uek.x86_64.noarch 0:20200417-0

Complete! [root@tvdexa07db01 Ksplice]#

Check the Newly Installed Uptrack Version

[root@tvdexa07db01 Ksplice]# yum list installed | grep uptrack-updates uptrack-updates-4.14.35-1902.9.2.el7uek.x86_64.noarch 20200417-0 @/uptrack-updates-4.14.35-1902.9.2.el7uek.x86_64-20200417-0.noarch

[root@tvdexa07db01 Ksplice]# uname -r 4.14.35-1902.9.2.el7uek.x86_64

[root@tvdexa07db01 Ksplice]# uptrack-uname -r 4.14.35-1902.301.1.el7uek.x86_64

[root@tvdexa07db01 Ksplice]# uptrack-show Installed updates: [qb92vyqf] Known exploit detection. [inu8wb4r] Known exploit detection for CVE-2017-7308. [cd8sbgv7] Known exploit detection for CVE-2018-14634. [1kzvx01a] KPTI enablement for Ksplice. [6vwn8ut1] Known exploit detection for CVE-2018-18445. [4zccrjds] KSPLICE enablement for patching KVM Intel module. [gzezyqb5] Memory leak in Mellanox ConnextX HCA Infiniband CX-3 virtual functions. [bk9sc6f2] NULL pointer dereference when mounting a CIFS filesystem with invalid mount option. [tiomcx4f] CVE-2019-15917: Use-after-free when registering Bluetooth HCI uart device. [1oztqfiv] Memory corruption in Reliable Datagram Socket send completion. [13vvcp2l] Oracle ASM device hang during offline. [d1r03k7l] Network stall during RDMA failover. [mnnc6fcu] CVE-2019-3016: Privilege escalation in KVM guest paravirtualized TLB flushes. [tvgkcphj] Improved fix to CVE-2019-3016: Privilege escalation in KVM guest paravirtualized TLB flushes. [bss17slx] CVE-2019-19332: Denial-of-service in KVM cpuid emulation reporting. [sl587t78] Missing Non Maskable Interrupts on AMD KVM guests. [98393wix] CVE-2016-5244: Information leak in the RDS network protocol. [alabfukc] CVE-2019-17666: Remote code execution in Realtek peer-to-peer Wifi. [sc77umtr] CVE-2019-0155: Privilege escalation in Intel i915 graphics driver. [o8kefoq8] CVE-2019-0154: Denial-of-service in Intel i915 graphics driver. [cy9t2fe7] Improved fix to CVE-2019-11135: Side-channel information leak in Intel TSX on late microcode update. [3h40qtja] IO hang on block multiqueue device waits. [ll4csbbo] CVE-2019-20054: Denial-of-service in procfs sysctl removal. [r7vboahq] Deadlock in Reliable Datagram socket connection. [pojd20br] Denial-of-service in Reliable Datagram Socket send cancellation. [ayrz7nql] CVE-2020-2732: Privilege escalation in Intel KVM nested emulation. [e6szjj4l] CVE-2019-14901: Denial-of-service when parsing TDLS action frame in Marvell WiFi-Ex driver. [9253ftyr] CVE-2019-15291: Denial-of-service in B2C2 FlexCop driver probing. [h6qm8tqh] IO hang in Reliable Datagram Socket remote DMA socket closing. [jmo8wvme] Denial-of-service in CIFS POSIX file locks on close. [c92mbxy5] CVE-2019-15538: Denial-of-service in XFS filesystem with Quota support enabled. [6z2m3403] CVE-2020-7053: Use-after-free when destroying i915 GEM context. [c5t3d5fa] NULL dereference while loading userspace I/O driver. [8dgt3zi6] CVE-2019-14895: Denial-of-service when receiving Country WLAN element in Marvell WiFi-Ex driver. [a4scbw6j] Kernel panic in Infiniband RDMA QP send queues. [9m542zj0] Denial-of-service in IPMI device registration. [jq0r6r0v] Denial-of-service in Pressure Stall Information cgroup destruction. [m5jqkbu3] Denial-of-service in Infiniband pool destruction. [miag3lwz] CVE-2019-19338: Missing Intel TAA mitigation in KVM guests. [28o9c5jg] CVE-2019-14615: Information leak in Intel i915 generation 9 devices. [e9ghelsq] Race condition in crypto initialization causes denial-of-service. [8kg2ltrj] Denial-of-service in XFS whiteout renames. [djt21tl9] NULL pointer dereference when mounting a GFS2 filesystem. [fmlfqa0h] NULL-pointer dereference when driver logs in/out of system. [r0hywzwk] Soft lockup in low memory situation due to misused allocator in LPFC. [o6ivsuer] Use-after-free due to race condition in LPFC NVME write handling. [muzxn90m] Hard lock up when handling aborts for LPFC. [297glmum] Soft lockup when multiple threads read /proc/stat simultaneously. [p2wsrgbk] Denial-of-service in the batman-adv subsystem. [tg92ldhm] Spurious signals during TTY reopen. [e6k3gzxq] CVE-2019-18809: Memory leak when identifying state in Afatech AF9005 DVB-T USB1.1 driver. [9ccfw3yo] CVE-2019-18806: Memory leak when allocating large buffers in QLogic QLA3XXX Network driver. [73fkk23h] Use-after-free when using NFS with page cache. [d4thcifo] NULL pointer dereference during UBIFS mount. [jdwrgfic] CVE-2020-10942: Out-of-bounds memory access in the Virtual host driver. [iizw2yj1] Use-after-free when constructing ERSPAN packet header. [221vs9ih] Deadlock when deleting NVMe namespace fails. [1outnjhr] Out-of-bounds read when transmitting packet using XFRM. [i6sjtrm9] Point-to-Point Protocol IOCDETACH ioctl causes use-after-free. [8grqdp2d] Flawed logic in read/write semaphore implementation causes crash. [jsndggsn] System fails to generate vmcore dump after panic. [p6dow9c8] CVE-2018-5953: Information leak in software IO TLB driver.

Effective kernel version is 4.14.35-1902.301.1.el7uek [root@tvdexa07db01 Ksplice]#

One last personal feedback about Oracle Kesplice, this tool is really cool! Few times I used to quickly and effectively fix Kernel Bug online, avoiding unplanned service interruption.

ASM Filter Driver (ASMFD)

ASM Filter Driver is a Linux kernel module introduced in 12c R1. It resides in the I/O path of the Oracle ASM disks providing the following features:

Rejecting all non-Oracle I/O write requests to ASM Disks.

Device name persistency.

Node level fencing without reboot.

In 12c R2 ASMFD can be enabled from the GUI interface of the Grid Infrastructure installation, as shown on this post GI 12c R2 Installation at the step #8 “Create ASM Disk Group”.

Once ASM Filter Driver is in use, similarly to ASMLib the disks are managed using the ASMFD Label Name.

Here few examples about the implementation of ASM Filter Driver.

--How to create an ASMFD label in SQL*Plus
SQL> Alter system label set 'DATA1' to '/dev/mapper/mpathak';

System altered.


--How to create an ASM Disk Group with ASMFD
CREATE DISKGROUP DATA_DG EXTERNAL REDUNDANCY DISK 'AFD:DATA1' SIZE 30720M
ATTRIBUTE 'SECTOR_SIZE'='512','LOGICAL_SECTOR_SIZE'='512','compatible.asm'='12.2.0.1',
'compatible.rdbms'='12.2.0.1','compatible.advm'='12.2.0.1','au_size'='4M';

Diskgroup created.

ASM Filter Driver can also be managed from the ASM command line utility ASMCMD

--Check ASMFD status
ASMCMD> afd_state
ASMCMD-9526: The AFD state is 'LOADED' and filtering is 'ENABLED' on host 'oel7node06.localdomain'


--List ASM Disks where ASMFD is enabled
ASMCMD> afd_lsdsk
--------------------------------------------------------------------------------
Label                    Filtering                Path
================================================================================
DATA1                      ENABLED                /dev/mapper/mpathak
DATA2                      ENABLED                /dev/mapper/mpathan
DATA3                      ENABLED                /dev/mapper/mpathw
DATA4                      ENABLED                /dev/mapper/mpathac
GIMR1                      ENABLED                /dev/mapper/mpatham
GIMR2                      ENABLED                /dev/mapper/mpathaj
GIMR3                      ENABLED                /dev/mapper/mpathal
GIMR4                      ENABLED                /dev/mapper/mpathaf
GIMR5                      ENABLED                /dev/mapper/mpathai
RECO3                      ENABLED                /dev/mapper/mpathy
RECO1                      ENABLED                /dev/mapper/mpathab
RECO2                      ENABLED                /dev/mapper/mpathx
ASMCMD>


--How to remove an ASMFD label in ASMCMD
ASMCMD> afd_unlabel DATA4

Linux for DBA: Red Hat 7 removed and deprecated few commands

Linux Red Hat 7 and derived distributions have removed and deprecated few commands. Among them netstat and lsof, which are popular between DBAs.

This post shows how to obtain the network information in compliance with the new OS commands.

NETSTAT

netstat – is now considered obsolete, and it has been replaced by ss:

root@oel7qa01:~$ ss -t
State       Recv-Q Send-Q       Local Address:Port           Peer Address:Port 
ESTAB       0      0            192.168.1.117:54360          192.0.78.23:https 
ESTAB       0      0            192.168.1.117:48538          198.252.206.25:https 
ESTAB       0      0            192.168.1.117:42744          162.125.18.133:https 
ESTAB       0      0            127.0.0.1:38106              127.0.0.1:52828 
ESTAB       0      0            192.168.1.117:54008          192.0.78.23:https 
CLOSE-WAIT  1      0            192.168.1.117:60054          51.2xx.195.xx:https 
ESTAB       0      0            192.168.1.117:47904          198.2xx.202.xx:https 
CLOSE-WAIT  32     0            192.168.1.117:56724          108.1xx.172.xxx:https 
CLOSE-WAIT  32     0            192.168.1.117:47050          54.xx.201.xxx:https 
ESTAB       0      0            127.0.0.1:52828              127.0.0.1:38106 
CLOSE-WAIT  32     0            192.168.1.117:44728          108.1xx.xxx.6x:https 
ESTAB       0      0            192.168.1.117:41848          195.xxx.2xx.xxx:https 
ESTAB       0      0            192.168.7.50:41268           192.168.7.60:ssh 
ESTAB       0      0            2a02:1203:ecb0:7b80:58d9:f6e5:90d9:f266:53060 2a00:1450:400e:800::2003:https 
ESTAB       0      0            2a02:1203:ecb0:7b80:58d9:f6e5:90d9:f266:37978 2a00:1450:400a:804::200e:https 
ESTAB       0      0            2a02:1203:ecb0:7b80:58d9:f6e5:90d9:f266:51682 2a00:1450:400a:804::2003:https

The netstat -r information is now provided by the command ip route:

--Until Red Hat 6
[root@oel7node00 ~]# netstat -r
Kernel IP routing table
Destination     Gateway     Genmask        Flags  MSS Window irtt Iface
default         gateway     0.0.0.0        UG       0 0         0 enp0s8
default         gateway     0.0.0.0        UG       0 0         0 enp0s3
10.0.2.0        0.0.0.0     255.255.255.0  U        0 0         0 enp0s3
172.31.100.0    0.0.0.0     255.255.255.0  U        0 0         0 enp0s9
192.168.7.0     0.0.0.0     255.255.255.0  U        0 0         0 enp0s8
192.168.200.0   0.0.0.0     255.255.255.0  U        0 0         0 enp0s10


--As of Red Hat 7
[root@oel7node00 ~]# ip route
default via 192.168.7.50 dev enp0s8 proto static metric 100 
default via 10.0.2.2 dev enp0s3 proto static metric 101 
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 100 
172.31.100.0/24 dev enp0s9 proto kernel scope link src 172.31.100.10 metric 100 
192.168.7.0/24 dev enp0s8 proto kernel scope link src 192.168.7.60 metric 100 
192.168.200.0/24 dev enp0s10 proto kernel scope link src 192.168.200.10 metric 100

The netstat -i information is now provided by the command ip route:

--Until Red Hat 6
[root@oel7node00 ~]# netstat -i
Kernel Interface table
Iface     MTU    RX-OK RX-ERR RX-DRP RX-OVR   TX-OK TX-ERR TX-DRP TX-OVR Flg
enp0s3   1500       66      0      0 0           72      0      0      0 BMRU
enp0s8   1500     1201      0      0 0          687      0      0      0 BMRU
enp0s9   1500        2      0      0 0            2      0      0      0 BMRU
enp0s10  1500        2      0      0 0            7      0      0      0 BMRU
lo      65536        0      0      0 0            0      0      0      0 LRU


--As of Red Hat 7
[root@oel7node00 ~]# ip -s link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT 
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 RX: bytes packets errors dropped overrun mcast 
 0         0       0      0       0       0 
 TX: bytes packets errors dropped carrier collsns 
 0         0       0      0       0       0 
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
 link/ether 08:00:27:4c:63:1b brd ff:ff:ff:ff:ff:ff
 RX: bytes packets errors dropped overrun mcast 
 5860      66      0      0       0       0 
 TX: bytes packets errors dropped carrier collsns 
 5662      72      0      0       0       0 
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
 link/ether 08:00:27:2b:ca:66 brd ff:ff:ff:ff:ff:ff
 RX: bytes packets errors dropped overrun mcast 
 131645    1237    0      0       0       0 
 TX: bytes packets errors dropped carrier collsns 
 223396    704     0      0       0       0 
4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
 link/ether 08:00:27:cc:fb:2e brd ff:ff:ff:ff:ff:ff
 RX: bytes packets errors dropped overrun mcast 
 120        2      0      0       0       0 
 TX: bytes packets errors dropped carrier collsns 
 120       2       0      0       0       0 
5: enp0s10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
 link/ether 08:00:27:6f:7e:47 brd ff:ff:ff:ff:ff:ff
 RX: bytes packets errors dropped overrun mcast 
 120       2       0      0       0       0 
 TX: bytes packets errors dropped carrier collsns 
 558       7       0      0       0       0

The netstat -g information is now provided by the command ip maddr:

--Until Red Hat 6
[root@oel7node00 ~]# netstat -g
IPv6/IPv4 Group Memberships
Interface RefCnt Group
--------------- ------ ---------------------
lo 1 all-systems.mcast.net
enp0s3 1 all-systems.mcast.net
enp0s8 1 all-systems.mcast.net
enp0s9 1 all-systems.mcast.net
enp0s10 1 all-systems.mcast.net
lo 1 ff02::1
lo 1 ff01::1
enp0s3 1 ff02::1
enp0s3 1 ff01::1
enp0s8 1 ff02::1
enp0s8 1 ff01::1
enp0s9 1 ff02::1
enp0s9 1 ff01::1
enp0s10 1 ff02::1
enp0s10 1 ff01::1


--As of Red Hat 7
[root@oel7node00 ~]# ip maddr
1: lo
 inet 224.0.0.1
 inet6 ff02::1
 inet6 ff01::1
2: enp0s3
 link 01:00:5e:00:00:01
 inet 224.0.0.1
 inet6 ff02::1
 inet6 ff01::1
3: enp0s8
 link 01:00:5e:00:00:01
 inet 224.0.0.1
 inet6 ff02::1
 inet6 ff01::1
4: enp0s9
 link 01:00:5e:00:00:01
 inet 224.0.0.1
 inet6 ff02::1
 inet6 ff01::1
5: enp0s10
 link 01:00:5e:00:00:01
 inet 224.0.0.1
 inet6 ff02::1
 inet6 ff01::1

LSOF

lsof is no longer included on the OS minimal installation, but not considered as obsolete or deprecated, therefore simply use yun to intall the missing package:

[root@oel7node00 ~]# which lsof
/usr/bin/which: no lsof in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)

[root@oel7node00 ~]# yum install lsof
Loaded plugins: ulninfo
Resolving Dependencies
--> Running transaction check
---> Package lsof.x86_64 0:4.87-4.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================================================================================
 Package Arch Version Repository Size
=========================================================================================================================================================
Installing:
 lsof x86_64 4.87-4.el7 ol7_latest 330 k

Transaction Summary
=========================================================================================================================================================
Install 1 Package

Total download size: 330 k
Installed size: 927 k
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
lsof-4.87-4.el7.x86_64.rpm | 330 kB 00:00:00 
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
 Installing : lsof-4.87-4.el7.x86_64 1/1 
 Verifying : lsof-4.87-4.el7.x86_64 1/1

Installed:
 lsof.x86_64 0:4.87-4.el7

Complete!

Oracle DB stored on ASM vs ACFS

Nowadays a new Oracle database environment with Grid Infrastructure has three main storage options:

Third party clustered file system
ASM Disk Groups
ACFS File System

While the first option was not in scope, this blog compares the result of the tests between ASM and ACFS, highlighting when to use one or the other to store 12c NON-CDB or CDB Databases.

The tests conducted on different environments using Oracle version 12.1.0.2 July PSU have shown controversial results compared to what Oracle is promoting for the Oracle Database Appliance (ODA) in the following paper: “Frequently Asked Questions Storing Database Files in ACFS on Oracle Database Appliance”

Outcome of the tests

ASM remains the preferred option to achieve the best I/O performance, while ACFS introduces interesting features like DB snapshot to quickly and space efficiently provision new databases.

The performance gap between the two solutions is not negligible as reported below by the AWR – TOP Timed Events sections of two PDBs, sharing the same infrastructure, executing the same workload but respectively using ASM and ACFS storage:

PDBASM: Pluggable Database stored on ASM Disk Group
PDBACFS:Pluggable Database stored on ACFS File System

PDBASM AWR – TOP Timed Events and Other Stats

topevents_asm

fg_asm

PDBACFS AWR – TOP Timed Events and Other Stats

fg_acfs

Due to the different characteristics and results when ASM or ACFS is in use, it is not possible to give a generic recommendation. But case by case the choise should be driven by business needs like maximum performance versus fast and efficient database clone.

My Oracle Notes

Tag: Linux