For the installation of the new RAC environment I will need a DNS server. Here are the steps to configure it.
I have prepared a VM with 512 MB RAM and a 15 GB file system, and installed Oracle Enterprise Linux on it.
Now I will show, how to configure the DNS:
Here is the network configuration:
[root@dns ~]# cd /etc/sysconfig/
[root@dns sysconfig]# cat network
NETWORKING=yes
HOSTNAME=dns.example.com
GATEWAY=192.168.0.1
eth0 interface configuration:
[root@dns network-scripts]# cat ifcfg-eth0
DEVICE="eth0"
BOOTPROTO=none
NM_CONTROLLED="yes"
ONBOOT=yes
UUID="4d41fdfc-475f-4701-8cb0-2e20b0727c3e"
HWADDR=00:0C:29:9C:1F:1C
IPADDR=192.168.0.111
PREFIX=24
GATEWAY=192.168.0.1
DNS1=192.168.0.111
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
/etc/hosts configuration:
[root@dns etc]# cat hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.111 dns.example.com dns
Now we will install the bind package:
[root@dns etc]# yum install bind
Loaded plugins: security
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.8.2-0.17.rc1.0.2.el6_4.4 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================================================================
Package Arch Version Repository Size
=================================================================================================================
Installing:
bind x86_64 32:9.8.2-0.17.rc1.0.2.el6_4.4 ol6_latest 4.0 M
Transaction Summary
=================================================================================================================
Install 1 Package(s)
Total download size: 4.0 M
Installed size: 7.3 M
Is this ok [y/N]: y
Downloading Packages:
bind-9.8.2-0.17.rc1.0.2.el6_4.4.x86_64.rpm | 4.0 MB 00:09
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : 32:bind-9.8.2-0.17.rc1.0.2.el6_4.4.x86_64 1/1
Verifying : 32:bind-9.8.2-0.17.rc1.0.2.el6_4.4.x86_64 1/1
Installed:
bind.x86_64 32:9.8.2-0.17.rc1.0.2.el6_4.4
Check the status of the service:
[root@dns etc]# service named status
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found
named is stopped
Configure /etc/named.conf (note that the `allow-query` prefix is written as `192.168.0.1/24`; the canonical form is `192.168.0.0/24` — BIND masks the host bits, but newer releases may warn about the address/prefix mismatch):
[root@dns etc]# cat named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.0.111; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.0.1/24; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "example.com" IN {
type master;
file "example.zone";
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "example.reverse";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
The example.zone file, located in the /var/named directory:
[root@dns named]# cat example.zone
$TTL 86400
$ORIGIN example.com.
@ 1D IN SOA dns.example.com. hostmaster.example.com. (
2002022401 ; serial
3H ; refresh
15 ; retry
1w ; expire
3h ; minimum
)
; main domain name servers
IN NS dns.example.com.
dns IN A 192.168.0.111
rac11gnode1 IN A 192.168.0.112
rac11gnode2 IN A 192.168.0.113
rac11gnode3 IN A 192.168.0.114
rac11gnode1-vip IN A 192.168.0.212
rac11gnode2-vip IN A 192.168.0.213
rac11gnode3-vip IN A 192.168.0.214
rac11gcluster-scan IN A 192.168.0.115
IN A 192.168.0.116
IN A 192.168.0.117
The example.reverse file, located in the /var/named directory (every PTR target must end with a trailing dot, otherwise it is taken as relative to the reverse zone origin):
[root@dns named]# cat example.reverse
$TTL 86400 ; 24 hours could have been written as 24h or 1d
@ 1D IN SOA example.com. hostmaster.example.com. (
2002022401 ; serial
3H ; refresh
15 ; retry
1w ; expire
3h ; minimum
)
IN NS dns.example.com.
111 IN PTR dns.example.com.
112 IN PTR rac11gnode1.example.com.
113 IN PTR rac11gnode2.example.com.
114 IN PTR rac11gnode3.example.com.
212 IN PTR rac11gnode1-vip.example.com.
213 IN PTR rac11gnode2-vip.example.com.
214 IN PTR rac11gnode3-vip.example.com.
115 IN PTR rac11gcluster-scan.example.com.
116 IN PTR rac11gcluster-scan.example.com.
117 IN PTR rac11gcluster-scan.example.com.
Edit the /etc/resolv.conf file:
[root@dns named]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.0.111
search example.com
Add the following lines to iptables, so all your servers will be able to reach the DNS server on port 53. Unlike the NTP rule further down, these two rules carry no `-s` source restriction, so port 53 is opened to any address the firewall sees; scoping them to the RAC subnet with `-s 192.168.0.0/24` keeps the firewall consistent with the `allow-query` list in named.conf:
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
Now you can check whether it is working:
[root@dns log]# nslookup rac11gnode1
Server: 192.168.0.111
Address: 192.168.0.111#53
Name: rac11gnode1.example.com
Address: 192.168.0.112
Reverse lookup:
[root@dns log]# nslookup 192.168.0.112
Server: 192.168.0.111
Address: 192.168.0.111#53
112.0.168.192.in-addr.arpa name = rac11gnode1.example.com.
When the DNS is working, we can configure the NTP daemon, as I will use this server also as the NTP server.
Edit the /etc/ntp.conf file. Two things to verify in the listing below: `restrict default ignore` appears to drop every peer and client that has no more specific `restrict` entry, and the local-network line (`#restrict 192.168.1.0 ...`) is still commented out, so confirm with `ntpq -p` that the server actually synchronises and that a RAC node on 192.168.0.0/24 can query it (adding `restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap` if not); and `mask 255.255.255.245` is not a contiguous netmask — for a single host the mask should be `255.255.255.255`:
[root@dns log]# cat /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default ignore
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
restrict 195.113.144.201 mask 255.255.255.245 nomodify notrap noquery
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 195.113.144.201
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
#server 127.127.1.0 # local clock
#fudge 127.127.1.0 stratum 10
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
Add the following line to iptables, to allow your servers to access the NTP server on port 123:
[root@dns log]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 123 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
With this configuration we have DNS and NTP configured.
Now I will show, how to configure the DNS:
Here is the network configuration:
[root@dns ~]# cd /etc/sysconfig/
[root@dns sysconfig]# cat network
NETWORKING=yes
HOSTNAME=dns.example.com
GATEWAY=192.168.0.1
eth0 interface configuration:
[root@dns network-scripts]# cat ifcfg-eth0
DEVICE="eth0"
BOOTPROTO=none
NM_CONTROLLED="yes"
ONBOOT=yes
UUID="4d41fdfc-475f-4701-8cb0-2e20b0727c3e"
HWADDR=00:0C:29:9C:1F:1C
IPADDR=192.168.0.111
PREFIX=24
GATEWAY=192.168.0.1
DNS1=192.168.0.111
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
/etc/hosts configuration:
[root@dns etc]# cat hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.111 dns.example.com dns
Now we will install the bind package:
[root@dns etc]# yum install bind
Loaded plugins: security
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.8.2-0.17.rc1.0.2.el6_4.4 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================================================================
Package Arch Version Repository Size
=================================================================================================================
Installing:
bind x86_64 32:9.8.2-0.17.rc1.0.2.el6_4.4 ol6_latest 4.0 M
Transaction Summary
=================================================================================================================
Install 1 Package(s)
Total download size: 4.0 M
Installed size: 7.3 M
Is this ok [y/N]: y
Downloading Packages:
bind-9.8.2-0.17.rc1.0.2.el6_4.4.x86_64.rpm | 4.0 MB 00:09
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : 32:bind-9.8.2-0.17.rc1.0.2.el6_4.4.x86_64 1/1
Verifying : 32:bind-9.8.2-0.17.rc1.0.2.el6_4.4.x86_64 1/1
Installed:
bind.x86_64 32:9.8.2-0.17.rc1.0.2.el6_4.4
Check the status of the service:
[root@dns etc]# service named status
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found
named is stopped
Configure /etc/named.conf (note that the `allow-query` prefix is written as `192.168.0.1/24`; the canonical form is `192.168.0.0/24` — BIND masks the host bits, but newer releases may warn about the address/prefix mismatch):
[root@dns etc]# cat named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.0.111; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.0.1/24; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "example.com" IN {
type master;
file "example.zone";
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "example.reverse";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
The example.zone file, located in the /var/named directory:
[root@dns named]# cat example.zone
$TTL 86400
$ORIGIN example.com.
@ 1D IN SOA dns.example.com. hostmaster.example.com. (
2002022401 ; serial
3H ; refresh
15 ; retry
1w ; expire
3h ; minimum
)
; main domain name servers
IN NS dns.example.com.
dns IN A 192.168.0.111
rac11gnode1 IN A 192.168.0.112
rac11gnode2 IN A 192.168.0.113
rac11gnode3 IN A 192.168.0.114
rac11gnode1-vip IN A 192.168.0.212
rac11gnode2-vip IN A 192.168.0.213
rac11gnode3-vip IN A 192.168.0.214
rac11gcluster-scan IN A 192.168.0.115
IN A 192.168.0.116
IN A 192.168.0.117
The example.reverse file, located in the /var/named directory (every PTR target must end with a trailing dot, otherwise it is taken as relative to the reverse zone origin):
[root@dns named]# cat example.reverse
$TTL 86400 ; 24 hours could have been written as 24h or 1d
@ 1D IN SOA example.com. hostmaster.example.com. (
2002022401 ; serial
3H ; refresh
15 ; retry
1w ; expire
3h ; minimum
)
IN NS dns.example.com.
111 IN PTR dns.example.com.
112 IN PTR rac11gnode1.example.com.
113 IN PTR rac11gnode2.example.com.
114 IN PTR rac11gnode3.example.com.
212 IN PTR rac11gnode1-vip.example.com.
213 IN PTR rac11gnode2-vip.example.com.
214 IN PTR rac11gnode3-vip.example.com.
115 IN PTR rac11gcluster-scan.example.com.
116 IN PTR rac11gcluster-scan.example.com.
117 IN PTR rac11gcluster-scan.example.com.
Edit the /etc/resolv.conf file:
[root@dns named]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.0.111
search example.com
Add the following lines to iptables, so all your servers will be able to reach the DNS server on port 53. Unlike the NTP rule further down, these two rules carry no `-s` source restriction, so port 53 is opened to any address the firewall sees; scoping them to the RAC subnet with `-s 192.168.0.0/24` keeps the firewall consistent with the `allow-query` list in named.conf:
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
Now you can check whether it is working:
[root@dns log]# nslookup rac11gnode1
Server: 192.168.0.111
Address: 192.168.0.111#53
Name: rac11gnode1.example.com
Address: 192.168.0.112
Reverse lookup:
[root@dns log]# nslookup 192.168.0.112
Server: 192.168.0.111
Address: 192.168.0.111#53
112.0.168.192.in-addr.arpa name = rac11gnode1.example.com.
When the DNS is working, we can configure the NTP daemon, as I will use this server also as the NTP server.
Edit the /etc/ntp.conf file. Two things to verify in the listing below: `restrict default ignore` appears to drop every peer and client that has no more specific `restrict` entry, and the local-network line (`#restrict 192.168.1.0 ...`) is still commented out, so confirm with `ntpq -p` that the server actually synchronises and that a RAC node on 192.168.0.0/24 can query it (adding `restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap` if not); and `mask 255.255.255.245` is not a contiguous netmask — for a single host the mask should be `255.255.255.255`:
[root@dns log]# cat /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default ignore
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
restrict 195.113.144.201 mask 255.255.255.245 nomodify notrap noquery
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 195.113.144.201
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
#server 127.127.1.0 # local clock
#fudge 127.127.1.0 stratum 10
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
Add the following line to iptables, to allow your servers to access the NTP server on port 123:
[root@dns log]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 123 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
With this configuration we have DNS and NTP configured.