Pankaj Chandiramani's Blog

Hi , Recently i installed 11g db on one of my systems ,as it comes with APEX i thought to move my apex app(which were in 10g) to the same .........when i moved my apps , i got everything working but mail .......it gave error :ORA-24247: network access denied by access control list (ACL)

The issue is with ACL as by default, the ability to interact with network services is disabled in Oracle Database 11g. To enable i needed to run a procedure as shown below .

DECLARE
ACL_PATH VARCHAR2(4000);
ACL_ID RAW(16);
BEGIN
-- Look for the ACL currently assigned to '*' and give FLOWS_030000
-- the "connect" privilege if FLOWS_030000 does not have the privilege yet.

SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS
WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;

-- Before checking the privilege, make sure that the ACL is valid
-- (for example, does not contain stale references to dropped users).
-- If it does, the following exception will be raised:
--
-- ORA-44416: Invalid ACL: Unresolved principal 'FLOWS_030000'
-- ORA-06512: at "XDB.DBMS_XDBZ", line ...
--
SELECT SYS_OP_R2O(extractValue(P.RES, '/Resource/XMLRef')) INTO ACL_ID
FROM XDB.XDB$ACL A, PATH_VIEW P
WHERE extractValue(P.RES, '/Resource/XMLRef') = REF(A) AND
EQUALS_PATH(P.RES, ACL_PATH) = 1;

DBMS_XDBZ.ValidateACL(ACL_ID);
IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'FLOWS_030000',
'connect') IS NULL THEN
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH,
'FLOWS_030000', TRUE, 'connect');
END IF;

EXCEPTION
-- When no ACL has been assigned to '*'.
WHEN NO_DATA_FOUND THEN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('power_users.xml',
'ACL that lets power users to connect to everywhere',
'FLOWS_030000', TRUE, 'connect');
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('power_users.xml','*');
END;
/
COMMIT;

Finally got it working :)

Now you can record & share the issues you are facing to Oracle Support .

https://metalink.oracle.com/metalink/plsql/f?p=130:14:7679480494464650902::::p14_database_id,p14_docid,p14_show_header,p14_show_help,p14_black_frame,p14_font:NOT,11.1,1,1,0,helvetica

Its a nice way to share the error & show the support guys on how that error occurred & faster reproducibility.

Been long time since i posted something  the reason being have started in new directions  ......working with OIM , OID & stuff these days .

So will be writing a post to install/config OIM in next couple of days & will keep on posting regularly on the topic.



 

I wrote this paper to describes the process & benefits of applying patches using the EM.
Case : RAC - 3 node 10.2.0.3
Patch : CPU July 2007
Method : Rolling patch , zero downtime , using Deployment procedures in EM.

You can access the paper here on OTN.
or by copying the below url :
http://www.oracle.com/technology/products/oem/pdf/saving%20time%20and%20labor%20on%20oracle%20patching%20with%20em%20provisioning%20pack%20-%20a%20case%20study%20with%20oracle%20internal%20it.pdf

Other interesting white papers on EM are also listed here .

I am loving the experience with Apex , we plan to have couple of new application using APEX , for that i neeed to configure SSO with apex .

It can be done in 3 steps :

1. Creating partner app
2. Installing sdk (You need to get sso sdk from midtier)
   
3. Configuring apex for sso(You need to login a zip file from here)

For step 1 , you need below :
HOME URL : http: // apex_server_name/pls/apex
Success URL : http: // apex_server_name/pls/apex/wwv_flow_custom_auth_sso.process_success
Log Out URL : http: // apex_server_name/pls/apex/apex

Note : not covering the actual creation process , pls look at "Creating Partner App in AS admin guide"

For Step 2:
First unlock the flows schema according to the apex version you have .
SQL> alter user flows_030100 account unlock; (If your Apex version is 2.0.0.0.0 change acccordingly)

Now you need to copy sso sdk from the midtier , Login to Middle tier $ORACLE_HOME/sso/lib
copy ssosdk902.zip , unzip it . It creates some sql scripts & packages .

Login to db as user flows_030100 & run loadsdk.sql
SQL>@loadsdk.sql (Make sure you are executing under flows_XXXX)

Above will load the sso schema into flows account.

For Step 3:
Now we need to wire sso & apex schema(flows_xx)

SQL> @regapp.sql
It will prompt you for
Enter value for listener_token: HTML_DB:Hostname:7777
Enter value for site_id: enter_value_returned_while_registering_sso
Enter value for site_token: enter_value_returned_while_registering_sso
Enter value for login_url: http: // apex_url_here/pls/orasso/orasso.wwsso_app_admin.ls_login
Enter value for encryption_key: enter_value_returned_while_registering_sso
Enter value for ip_check: N

These above value you will get from Registring as partner app in step 1

Now configure authentication packages under flows_XXX schema
You need to login a zip file from here:
Unzip & get 2 files , execute as below

SQL> @custom_auth_sso.sql
SQL> @custom_auth_sso.plb

Finally you should lock flows_XXXX schema & grant execute permission to public user
SQL> alter user flows_020200 account unlock;
SQL> grant execute on wwv_flow_custom_auth_sso to APEX_PUBLIC_USER;

All set , once you use the authentication schema as sso , you can see the login page .

I have been using Apex extensively now , have created 3-4 application for production usage & i can finally say that its easy to use for us non developers also ;)

I will be covering the installation of Apex 3.0.1 in this post & will cover the SSO part in next .

Software Req:

1. Download Apex 3.0.1 from here
   
2. 10g Db
   
3. Http server

In short , the process of Installing & configuring apex goes like this :
Install 10g Db --> Install Http server (i used 10g AS) -->Install Apex

Starting the Apex Installation
I assume you have 10g Db installed , else read this post for details .

You need to create 2 table space , i created  apex1 & apex2 to seed the apex data :

create tablespace apex1 datafile '/apexdb/apex1.dbf' size 50M autoextend on next 10M maxsize 300M;

create tablespace apex2 datafile '/apexdb/apex2.dbf' size 50M autoextend on next 10M maxsize 300M;

Now we will seed the db with Apex configs .
Download Apex 3.0.1 from here & unzip it .

This will craete a subdirectory with name apex , cd into it & start sqlplus as sysdba & run apexins.sql as shown below.
cd apex
sqlplus system@tns_alias as sysdba
@apexins.sql {pass} {ts for user} {ts for files} {ts for temp} /i/

Where

pass - Password for Apex Super User
ts for user - Tablespace for User data (Created above)
ts for files - Tablespace for Apex files (Created above)
ts for temp - temporary tablespace (Usually Temp)
i - is the alias for image directory configuration in Application Server (Apache httpd.conf)

According to our config above , i used :

Sqlplus > @apexins.sql welcome apex1 apex2 temp /i/

It Takes ard 1 hr to get the seed data .

After this is complete , we go to the HTTP server location to configure Apex with it . AS we have the Oracle 10g AS installed we go to $ORACLE_HOME/Apache/modplsql/conf directory .

There in dads.conf we add the below lines :

#######
Alias /i/ "/apex/images/"  (replace with your image location)

AddType text/xml xbl
AddType text/x-component htc
<Location /pls/apex>
Order deny,allow
PlsqlDocumentPath docs
AllowOverride None
PlsqlDocumentProcedure wwv_flow_file_mgr.process_download
PlsqlDatabaseConnectString host:port:service_name ServiceNameFormat
PlsqlNLSLanguage AMERICAN_AMERICA.AL32UTF8
PlsqlAuthenticationMode Basic
SetHandler pls_handler
PlsqlDocumentTablename wwv_flow_file_objects$
PlsqlDatabaseUsername APEX_PUBLIC_USER
PlsqlDefaultPage apex
PlsqlDatabasePassword apex_public_user_password
Allow from all
</Location>
###################

For above replace according to your server & install locations , we did below :
PlsqlDatabaseConnectString xyz.com:1521:apexdb apexdb

Post Install
After this you need to restart the Appache server as shown below :

dcmctl updateconfig -ct ohs
opmnctl restartproc ias-component=HTTP_Server (Restart HTTP Server to check it)
ou are all set to use the Apex , try http://hostname.domainname:port/pls/apex

I will be writing on how to configure sso in next post

11g for linux is available for download @OTN from here.
Read all abt the new features for HA , Db Replay   etc from http://www.oracle.com/technology/products/database/oracle11g/index.html

I have seen couple of good technical whitepapers at otn , below is the link to the same .
These cover the complete series for new features , security , HA etc

http://www.oracle.com/technology/products/database/oracle11g/index.html

Backing Up and Recovering Voting Disks

What is a voting disk & why its needed ?
The voting disk records node membership information. A node must be
able to access more than half of the voting disks at any time.

For example, if you have seven voting disks configured, then a node must
be able to access at least four of the voting disks at any time. If a
node cannot access the minimum required number of voting disks it is evicted, or removed, from the cluster.

Backing Up Voting Disks

When to backup voting disk ?

1.       After installation
2.       After adding nodes to or deleting nodes from the cluster
3.       After performing voting disk add or delete operations

To make a backup copy of the voting disk, use the Linux dd command. Perform this operation on every voting disk as needed where voting_disk_name is the name of the active voting disk and backup_file_name is the name of the file to which you want to back up the voting disk contents:
dd if=voting_disk_name of=backup_file_name

If your voting disk is stored on a raw device, use the device name in place of voting_disk_name. For example:
dd if=/dev/sdd1 of=/tmp/voting.dmp

Note : When you use the dd command for making backups of the voting disk, the backup can be performed while the Cluster Ready Services (CRS) process is active; you do not need to stop the crsd.bin process before taking a backup of the voting disk.

Recovering Voting Disks

If a voting disk is damaged, and no longer usable by Oracle Clusterware, you can recover the voting disk if you have a backup file.

dd if=backup_file_name of=voting_disk_name

Administring OCR
We will see how OCR(Oracle cluster Registry) backup & recovery is done .

Backup
Oracle clusterware automatically creastes a OCR backup every 4 hrs & retains the last 3 backups . Actually the CRSD process creates & manages the backup for each full day & a weekly backup at nd of the week .
Default backup Location : $CRS_HOME/cdata/$clustername

Other than the automated backup , you can export the content any time you want to a file .
eg : $ ocrconfig -export emergency_export.ocr

You can see the list of ocrbackup by using :
$ ocrconfig -showbackup

As the backup directory is default , you can change the dir by using below command
$  ocrconfig -backuploc <directory>

Restore
OCR can be restored (if you have a backup ) be below command

NOTE: Should you need to restore, make sure all CRS daemons on all nodes are stopped.

To perform a restore, execute the command:

$ cd CRS_Home/cdata/crscluster
$ ocrconfig -restore  week.ocr

If you had exported using the above command & want to resore , then you can use import
IMPORTANT: Importing a backup when CRS daemons are running will only corrupt OCR.  

$ ocrconfig -import emergency_export.ocr

If anything is wrong than you can use the OCRDUMP comand to dump all info to a file & check
$ ocrdump OCR_DUMP

Also you can use :

$ ocrcheck 
to check for the stats of OCR