This chapter describes the users, groups and environment settings used during Oracle Grid Infrastructure for a Cluster and Oracle Real Application Clusters installations.
This chapter contains the following topics:
Log in as an Administrator user, and use the following instructions to create the Oracle Installation user for Oracle Grid Infrastructure:
About the Oracle Home User for the Oracle Grid Infrastructure Installation
Understanding the Oracle Inventory Directory and the Oracle Inventory Group
Note:
During an Oracle Grid Infrastructure installation, both Oracle Clusterware and Oracle Automatic Storage Management (Oracle ASM) are installed. You no longer can have separate Oracle Clusterware installation owners and Oracle ASM installation owners.To install the Oracle Grid Infrastructure or Oracle Database software, you must use either a local or domain user that is a member of the Administrators group. This user is the Oracle Installation User. The Oracle Installation User can be either a local user or a domain user.
If you use a local user account for installing Oracle Grid Infrastructure, then:
The user account must exist on all nodes in the cluster.
The user name and password must be the same on all nodes.
OUI displays a warning message.
If you use a domain user account for installing Oracle Grid Infrastructure, then:
The domain user must be explicitly declared as a member of the local Administrators group on each node in the cluster. It is not sufficient if the domain user has inherited membership from another group.
The user performing the installation must be in the same domain on each node. For example, you cannot have use the DBADMIN\dba1 user on the first node and the RACDBA\dba1 user on the second node.
A local user of the same name cannot exist on any of the nodes. For example if you use RACDBA\dba1 as the installation user, none of the nodes can have a local NODE1\dba1 user account.
During installation of Oracle Grid Infrastructure, you can specify an optional Oracle Home user associated with the Oracle Grid home. For example, assume that you use an Administrator user named OraSys to install the software (Oracle Installation user), then you can specify the ORADOMAIN\OraGrid domain user as the Oracle Home user for this installation. The specified Oracle Home domain user must exist before you install the Oracle Grid Infrastructure software.
The Oracle Home user for the Oracle Grid Infrastructure installation can be either the Windows built-in account (LocalSystem), or an existing user. If you specify an existing user as the Oracle Home user, then the Windows User Account you specify must be a domain user. When you use an Oracle Home User, a secure wallet in Oracle Cluster Registry (created automatically) stores the Oracle Home User name and password information. If you decide not to create an Oracle Home user, then the Windows built-in account is used as Oracle Home User.
Note:
You cannot change the Oracle Home User after the installation is complete. If you must change the Oracle Home User, then you must reinstall the Oracle Grid Infrastructure software.For Oracle Grid Infrastructure 12c release 12.1.0.1, if you choose the Oracle Grid Infrastructure Management Repository option during installation, then use of an Oracle Home user is mandatory. Similarly, if you perform a software-only installation of Oracle Grid Infrastructure, then you must choose a Windows Domain User account to configure the Oracle Grid Infrastructure Management Repository after installation.
During installation, the installer creates the software services and configures the Access Control Lists (ACLs) based on the information you provided about the Oracle Home User. See the section "About File Permissions" in Oracle Database Platform Guide for Microsoft Windows for more information.
When you specify an Oracle Home user, the installer configures that user as the Oracle Service user for all software services that run from the Oracle home. The Oracle Service user is the operating system user that the Oracle software services run as, or the user from which the services inherit privileges.
See Also:
Oracle Database Platform Guide for Microsoft Windows for more information about the Oracle Home User and how database services run in this user accountDuring installation of Oracle RAC, you can either use a Windows built-in account or specify an optional, non-Administrator user that is a Windows domain user to be the Oracle Home User associated with the Oracle RAC home. The Oracle Home User for Oracle RAC can be different from the Oracle Home User you specified during the Oracle Grid Infrastructure installation. If a Windows domain user account is chosen, then it should be an existing domain user account with no administration privileges.
For Oracle RAC installations, Oracle recommends that you use a Windows domain user (instead of Windows built-in account) as the Oracle Home User for enhanced security.
The services created for the Oracle RAC software run using the privileges of the Oracle Home User for Oracle RAC, or the Local System built-in Windows account if you did not specify an Oracle Home User during installation. OUI creates the ORA_DBA group on all nodes and the user performing the installation is automatically added to this group. For more information about the Oracle Home User implementation for Oracle Database, see Oracle Database Platform Guide for Microsoft Windows.
For an administrator-managed database, you have the option of storing Oracle Home User password in a secure wallet (stored in Oracle Cluster Registry). Use the following CRSCTL command to create this secure wallet for storing the Windows operating system user name and password:
crsctl add wallet -osuser -passwd
If the wallet (stored in Oracle Cluster Registry) exists, then Oracle administration tools automatically use the password from the wallet without prompting the administrator to enter the password of Oracle Home User for performing administrative operations.
A policy-managed database mandates the storage of Oracle Home User password in the wallet (stored in Oracle Cluster Registry). When a policy-managed database is created, DBCA automatically creates the wallet, if one does not exist.
Note:
If you choose to use an Oracle Home user for your Oracle RAC installation, then the Windows User Account you specify must be a domain user.You must create an Oracle Home User in the following circumstances:
If an Oracle Home User exists, but you want to use a different operating system user, with different group membership, to give database administrative privileges to those groups in a new Oracle Database installation
If you have created an Oracle Home User for Oracle Grid Infrastructure, such as grid, and you want to create a separate Oracle Home User for Oracle Database software, such as oracle
Review the following restrictions and guidelines for Oracle Home Users for Oracle software installations:
If you intend to use multiple Oracle Home Users for different Oracle Database homes, then Oracle recommends that you create a separate Oracle Home User for Oracle Grid Infrastructure software (Oracle Clusterware and Oracle ASM).
If you plan to install Oracle Database or Oracle RAC, then Oracle recommends that you create separate Oracle Home Users for the Oracle Grid Infrastructure and the Oracle Database installations. If you use one Oracle Home User, then when you want to perform administration tasks, you must select the utilities from the Oracle home for the instance you want to administer, or change the default %ORACLE_HOME% value to the location of the Oracle Home from which the instance runs. For Oracle ASM instances, you must use the Oracle Grid Infrastructure home and for database instance use the Oracle Database home.
If you try to administer an Oracle home or Grid home instance using sqlplus, lsnrctl, or asmcmd commands while the environment variable %ORACLE_HOME% is set to a different Oracle home or Grid home path, then you encounter errors. For example, when you start SRVCTL from a database home, %ORACLE_HOME% should be set to that database home, or SRVCTL fails. The exception is when you are using SRVCTL in the Oracle Grid Infrastructure home. In that case, SRVTCL ignores %ORACLE_HOME%, and the Oracle home environment variable does not affect SRVCTL commands. In all other cases, using the Start menu, you must start the utilities from the Oracle home of the instance that you want to administer, or set the value of %ORACLE_HOME% to the correct Oracle home path before starting the utility.
To determine whether an Oracle Home user named oracle or grid exists, do the following:
Open the Control Panel window.
Select User Accounts.
Select Manage User Accounts. Scroll through the list of names until you find the ones you are looking for. If the names do not appear in the list, then the user has not yet been created.
You must decide to use an existing user, or create a new user. See one of the following sections for more information:
Use the Manage User Accounts window to create a new user.
Open the Control Panel window.
Select User Accounts.
Select Manage User Accounts.
The user must not be a member of the Administrators group. If you creating an Oracle Home User for an Oracle RAC installation, then the user must be a Windows domain user, and the user must be a member of the same domain on each node in the cluster.
See Also:
Oracle Database Platform Guide for Microsoft Windows for information about the Oracle Home User Control utilityIf the user you have decided to use as an Oracle Home user exists, then you can use this user as the Oracle Home user for a different installation. During the software installation, OUI creates the appropriate group memberships.
Oracle does not support changing the ownership of an existing Oracle Database home from one Oracle Home user to a different user.
When the Oracle software installation completes, you will have one of the following configurations:
| Installation Type | Oracle Home user configuration |
|---|---|
| Oracle Grid Infrastructure with a domain user specified for the Oracle Home User | The Oracle Home user owns the Oracle Grid Infrastructure Management Repository service. The other services are run under the built-in Administrator account, except for the listeners, which run as LocalService (a built-in Windows account). |
| Oracle Grid Infrastructure with the Windows built-in Administrator account as the Oracle Home User | The Oracle Grid Infrastructure services are run under the built-in Administrator account, except for the listeners, which run as LocalService. |
| Oracle RAC with specified Oracle Home User | The Oracle Home User owns all the services run by the Oracle Database software. |
| Oracle RAC with Built-in Oracle Home user | The services run under the built-in LocalSystem account. |
Note:
You cannot change the Oracle Home User after installation to a different Oracle Home User. Only out-of-place upgrade or move allows the Oracle Home User to be changed to or from the built-in Windows account.The location of the Oracle central inventory on Windows is always %SYSTEM_DRIVE%\Program Files\Oracle\Inventory. When you install Oracle software on the system for the first time, OUI creates the directories for the Oracle central inventory and the Oracle Inventory group, ORA_INSTALL. The ORA_INSTALL group contains all the Oracle Home users for all Oracle homes on the server.
Whether you are performing the first installation of Oracle software on this server, or are performing an installation of additional Oracle software on the server, you do not need to create the Oracle central inventory or the ORA_INSTALL group; the Oracle Universal Installer creates them automatically. You cannot change the name of the Oracle Inventory group - it is always ORA_INSTALL.
When you install either Oracle Grid Infrastructure or Oracle RAC, the user groups listed in Table 5-1 are created, if they do not already exist.
Table 5-1 Operating System Groups Created During Installation
| Operating System Group Names | System Privileges | Description |
|---|---|---|
|
|
SYSASM system privileges for Oracle ASM administration |
The OSASM group for the Oracle ASM instance. Using this group and the SYSASM system privileges enables the separation of SYSDBA database administration privileges from Oracle ASM storage administration privileges. Members of the OSASM group are authorized to connect using the SYSASM privilege and have full access to Oracle ASM, including administrative access to all disk groups that the Oracle ASM instance manages. |
|
|
SYSDBA system privileges on the Oracle ASM instance |
The OSDBA group for the Oracle ASM instance. This group grants access for the database to connect to Oracle ASM. During installation, the Oracle Installation Users are configured as members of this group. After you create an Oracle Database, this groups contains the Oracle Home Users of those database homes. |
|
|
SYSOPER for ASM system privileges |
The OSOPER group for the Oracle ASM instance. Members of this group are granted SYSOPER system privileges on the Oracle ASM instance, which permits a user to perform operations such as startup, shutdown, mount, dismount, and check disk group. This group has a subset of the privileges of the OSASM group. Similar to the |
|
|
SYSDBA system privileges for the Oracle Grid Infrastructure Management Repository database |
Members of this group are granted the SYSDBA system privileges for managing the Oracle Grid Infrastructure Management Repository database, where The default home name is OraGrid12Home1, so the default group name is |
|
|
SYSOPER system privileges for the Oracle Grid Infrastructure Management Repository database |
Members of this group are granted the SYSOPER system privileges for managing the Oracle Grid Infrastructure Management Repository database, where If you use the default Grid home name of OraGrid12Home1,then the default operating system group name is |
|
SYSDBA system privileges for all Oracle Database installations on the server |
A special OSDBA group for the Windows operating system. Members of this group are granted SYSDBA system privileges for all Oracle Databases installed on the server. |
|
|
|
SYSOPER system privileges for all Oracle databases installed on the server |
A special OSOPER group for the Windows operating system. Members of this group are granted SYSOPER system privileges all Oracle Databases installed on the server. This group does not have any members after installation, but you can manually add users to this group after the installation completes. |
|
|
SYSDBA system privileges for all database instances that run from the Oracle home with the name |
An OSDBA group for a specific Oracle Home with a name of Members of this group can use operating system authentication to gain SYSDBA system privileges for any database that runs from the specific Oracle home. If you specified an Oracle Home User during installation, the user is added to this group during installation. |
|
|
SYSOPER system privileges for all database instances that run from the Oracle home with the name |
An OSDBA group for the Oracle Home with a name of Members of this group can use operating system authentication to gain SYSOPER system privileges for any database that runs from the specific Oracle home. This group does not have any members after installation, but you can manually add users to this group after the installation completes. |
|
|
SYSBACKUP system privileges for all database instances that run from the Oracle home with a name of |
OSBACKUPDBA group for a specific Oracle Home with a name of Members of this group have privileges necessary for performing database backup and recovery tasks on all database instances that run from the specified Oracle Home directory. |
|
|
SYSDG system privileges for all database instances that run from the Oracle home with a name of |
OSDGDBA group for a specific Oracle Home with a name of Members of this group have privileges necessary for performing Data Guard administrative tasks on all database instances that run from the specified Oracle Home directory. |
|
|
SYSKM system privileges for all database instances that run from the Oracle home with a name of |
OSKMDBA group for a specific Oracle Home with a name of Members of this group have privileges necessary for performing encryption key management tasks on all database instances that run from the specified Oracle Home directory. |
During installation, the gridconfig.bat script creates the services and groups on each node of the cluster. The installed files and permissions are owned by the Oracle Installation user, and require the Administrator privilege.
Oracle creates and populates the groups listed in Table 5-1 during installation to ensure proper operation of Oracle products. You can manually add other users to these groups to assign these database privileges to other Windows users.
Members of the ORA_DBA group can use operating system authentication to administer all Oracle databases installed on the server. Members of the ORA_HOMENAME_DBA, where HOMENAME is the name of a specific Oracle installation, can use operating system authentication to manage only the databases that run from that Oracle home.
See Also:
Section C.2, "Understanding Operating System Groups and User Privileges" for more information about the available operating system groups and associated privilegesA job role separation configuration of Oracle Database and Oracle ASM is a configuration with groups and users to provide separate groups for operating system authentication.
With Oracle Database job role separation, each Oracle Database installation has separate operating system groups to provide authentication for system privileges on that Oracle Database, so multiple databases can be installed on the cluster without sharing operating system authentication for system privileges. In addition, each Oracle software installation is associated with an Oracle Installation user, to provide operating system user authentication for modifications to Oracle Database binaries.
With Oracle Grid Infrastructure job role separation, Oracle ASM has separate operating system groups that provide operating system authentication for Oracle ASM system privileges for storage tier administration. This operating system authentication is separated from Oracle Database operating system authentication. In addition, the Oracle Grid Infrastructure Installation user provides operating system user authentication for modifications to Oracle Grid Infrastructure binaries.
During the Oracle Database installation, the OSDBA, OSOPER, OSBACKUPDBA, OSDGDBA and OSKMDBA groups are created and users assigned to these groups. Members of these groups are granted operating system authentication for the set of database system privileges each group authorizes. Oracle recommends that you use different operating system groups for each set of system privileges.
Note:
This configuration is optional, to restrict user access to Oracle software by responsibility areas for different administrator users.Note:
To configure users for installation that are on a network directory service such as Network Information Services (NIS), refer to your directory service documentation.See Also:
Oracle Database Administrator's Guide for more information about planning for system privileges authentication
Oracle Automatic Storage Management Administrator's Guide for more information about Oracle ASM operating system authentication
Oracle recommends that you use the following operating system groups and users for all installations where you specify separate Oracle Home Users:
Separate Oracle Installation users for each Oracle software product (typically, oracle, for the Oracle Database software, and grid for the Oracle Grid Infrastructure software.
You must create at least one Oracle Installation user the first time you install Oracle software on the system. This user owns the Oracle binaries of the Oracle Grid Infrastructure software, and you can also use this same user as the Oracle Installation user for the Oracle Database or Oracle RAC binaries.
The Oracle Installation user for Oracle Database software has full administrative privileges for Oracle instances and is added to the ORA_DBA, ORA_ASMDBA, ORA_HOMENAME_SYSBACKUP, ORA_HOMENAME_SYSDG, and ORA_HOMENAME_SYSKM groups. Oracle Home users are added to the ORA_HOMENAME_DBA group for the Oracle home created during the installation. The ORA_OPER and ORA_HOMENAME_OPER groups are created, but no users are added to these groups during installation.
See Also:
Oracle Database Security Guide for more information about the available operating system groups and the privileges associated with each groupThe following is a list of operating system groups for Oracle Database. These groups provide operating system authentication for database administration system privileges:
The installation process creates this group the first time you install Oracle Database software on the system. This group identifies operating system user accounts that have database administrative privileges (the SYSDBA system privilege) for all database instances running on the server.
Members of the ORA_DBA group do not have SYSASM system privilege on Oracle ASM instances, which are needed for mounting and dismounting disk groups.
OSOPER group for Oracle Database (ORA_OPER)
Use this group if you want a separate group of operating system users to have a limited set of database administrative privileges for starting up and shutting down the database (the SYSOPER system privilege).
OSDBA group for a particular Oracle home (ORA_HOMENAME_DBA)
This group is created the first time you install Oracle Database software into a new Oracle home. This group identifies operating system user accounts that have database administrative privileges (the SYSDBA system privilege) for the database instances that run from that Oracle home.
OSOPER group for a particular Oracle home (ORA_HOMENAME_OPER)
Use this group if you want a separate group of operating system users to have a limited set of database administrative privileges for starting up and shutting down the database instances that run from a particular Oracle home (the SYSOPER system privilege).
Starting with Oracle Database 12c Release 1 (12.1), in addition to the SYSOPER system privilege to start and shut down the database, you can create new administrative privileges that are more task-specific and less privileged than the ORA_DBA group (or SYSDBA system privilege) to support specific administrative privileges tasks required for everyday database operation. Users granted these system privileges are also authenticated through operating system group membership.
The installer automatically creates operating system groups whose members are granted these system privileges. The OSDBA subset job role separation privileges and groups consist of the following:
OSBACKUPDBA group for Oracle Database (ORA_HOMENAME_SYSBACKUP)
Assign users to this group if you want a separate group of operating system users to have a limited set of database backup and recovery related administrative privileges (the SYSBACKUP privilege).
OSDGDBA group for Oracle Data Guard (ORA_HOMENAME_SYSDG)
Assign users to this group if you want a separate group of operating system users to have a limited set of privileges to administer and monitor Oracle Data Guard (the SYSDG privilege).
OSKMDBA group for encryption key management (ORA_HOMENAME_SYSKM)
Assign users to this group if you want a separate group of operating system users to have a limited set of privileges for encryption key management such as Oracle Wallet Manager management (the SYSKM privilege).
See Also:
FOracle Database Installation Guide for Microsoft Windows for information about these groups.The SYSASM, SYSOPER for ASM, and SYSDBA for ASM system privileges enables the separation of the Oracle ASM storage administration privileges from SYSDBA.
During installation, the following groups are created for Oracle ASM:
OSASM Group for Oracle ASM Administration (ORA_ASMADMIN)
Use this separate group to have separate administration privilege groups for Oracle ASM and Oracle Database administrators. Members of this group are granted the SYSASM system privilege to administer Oracle ASM. In Oracle documentation, the operating system group whose members are granted privileges is called the OSASM group. During installation, the Oracle Installation User for Oracle Grid Infrastructure and Oracle Database Service IDs are configured as members of this group. Membership in this group also grants database access to the ASM disks.
Members of the OSASM group can use SQL to connect to an Oracle ASM instance as SYSASM using operating system authentication. The SYSASM system privilege permits mounting and dismounting disk groups, and other storage administration tasks. SYSASM system privileges do not grant access privileges on an Oracle Database instance.
OSDBA for ASM Database Administrator group (ORA_ASMDBA)
This group grants access for the database to connect to Oracle ASM. During installation, the Oracle Installation Users are configured as members of this group. After you create an Oracle Database, this groups contains the Oracle Home Users of those database homes.
OSOPER for ASM Group for ASM Operators (ORA_ASMOPER)
This is an optional group. Use this group if you want a separate group of operating system users to have a limited set of Oracle ASM instance administrative privileges (the SYSOPER for ASM system privilege), including starting up and stopping the Oracle ASM instance. By default, members of the OSASM group also have all privileges granted by the SYSOPER for ASM system privilege.
To use the Oracle ASM Operator group to create an Oracle ASM administrator with fewer privileges than those granted by the SYSASM system privilege you must assign the user to this group after installation.
When upgrading from Oracle Grid Infrastructure release 12.1.0.1 to release 12.1.0.2, the upgrade process automatically updates the group memberships and the disk ACLs for Oracle ASM privileges.
The disk ACLs are updated to add ORA_ASMADMIN and remove ORA_ASMDBA.
The database service SIDs are added to both ORA_ASMADMIN and ORA_ASMDBA
The Oracle Service user (typically the Oracle Home user) is added to ORA_ASMDBA
These updates ensure that databases using either Oracle Database release 12.1.0.1 or release 12.1.0.2 can use Oracle ASM after the upgrade to Oracle Grid Infrastructure release 12.1.0.2.
If Oracle ASM is freshly installed as part of Oracle Grid Infrastructure 12c Release 1 (12.1.0.2), then only the 12.1.0.2 version of the privileges are configured:
The database service SIDs are added to ORA_ASMADMIN
The Oracle Service user (typically the Oracle Home user) is added to ORA_ASMDBA
The disk ACLs are updated to include ORA_ASMADMIN
Before you install Oracle Database 12c release 12.1.0.1 software on a system with a new installation (not an upgraded installation) of Oracle Grid Infrastructure 12c Release 1 (12.1.0.2), you must apply a patch to ensure the proper privileges are configured when you create an Oracle Database 12c release 12.1.0.1 database.
The following is an example of how to use role-allocated groups and users that is compliant with an Optimal Flexible Architecture (OFA) deployment.
Assumptions:
The user installing the Oracle Grid Infrastructure software is named RACDOMAIN\grid. This user was created before starting the installation.
The option to use the Windows Built-in Account was selected for the Oracle Home user for Oracle Grid Infrastructure.
The Oracle Grid Infrastructure software is installed in the directory C:\app\12.1.0\grid. The base directory for the Oracle Grid Infrastructure installation is C:\app\grid.
The name of the home directory for the Oracle Grid Infrastructure installation is OraGrid12c.
The user installing the Oracle RAC software is named oracle. This user was created before starting the installation.
During installation of Oracle RAC, an Oracle Home user named RACDOMAIN\oradba1 is specified. The oradba1 user is a Windows domain user that was created before the installation was started.
The name of the Oracle home for the Oracle RAC installation is OraRAC12c_home1.
The Oracle RAC software installation uses the base directory C:\app\oracle
You have a second, Oracle Database installation (not Oracle RAC) on this server. The installation was performed by the oracle user. The Oracle Home user is oradba2, and this user was not created before starting the installation.
The Oracle Home name is OraDB12c_home1.
Both the Oracle databases and Oracle Clusterware are configured to use Oracle ASM for data storage.
After installing the Oracle software, you have the following groups and users:
| Operating System Group Name | Type of Group | Members |
|---|---|---|
ORA_DBA |
OSDBA group | oracle, RACDOMAIN\grid, and the Local System built-in Windows account |
ORA_OraRAC12c_home1_DBA |
OSDBA group for the Oracle RAC home directory | RACDOMAIN\oradba1 |
ORA_OraDB12c_home1_DBA |
OSDBA group for the Oracle Database home directory | oradba2 |
ORA_OPER |
OSOPER group | |
ORA_OraRAC12c_home1_OPER |
OSOPER group for the Oracle RAC home directory | |
ORA_OraDB12c_home1_OPER |
OSOPER group for the Oracle Database home directory | |
ORA_ASMADMIN |
OSASM group | RACDOMAIN\grid and the Local System built-in Windows account, and the database service IDs |
ORA_ASMOPER |
OSOPER for ASM group | |
ORA_ASMDBA |
OSDBA for ASM group for Oracle ASM clients | RACDOMAIN\grid, oracle, the Local System built-in Windows account, and Oracle Home Users of database homes |
ORA_RAC12c_home1_SYSBACKUP, ORA_RAC12c_home1_SYSDG, and ORA_RAC12c_home1_SYSKM |
Specialized role groups that authenticate users with the SYSBACKUP, SYSDG, and SYSKM system privileges. | |
ORA_DB12c_home1_SYSBACKUP, ORA_DB12c_home1_SYSDG, and ORA_DB12c_home1_SYSKM |
Specialized role groups that authenticate users with the SYSBACKUP, SYSDG, and SYSKM system privileges. |
If there are no users listed for an operating system group, then that means the group has no members after installation.
When installing Oracle Grid Infrastructure for a cluster, you run the installer software as an Administrator user. During installation, you can specify an Oracle Home user. Before starting the installation, there are a few checks you need to perform for the Oracle Installation users, to ensure the installation will succeed.
Before starting the Oracle Grid Infrastructure installation, ensure the %TEMP% environment variable is set correctly. See Section 2.1.6, "Checking the Available TEMP Disk Space".
Before running OUI, from the node where you intend to run the installer, verify that the user account you are using for the installation is configured as a member of the Administrators group on each node in the cluster. Enter the following command for each node that is a part of the cluster where nodename is the node name:
net use \\nodename\C$
If you will be using other disk drives in addition to the C: drive, then repeat this command for every node in the cluster, substituting the drive letter for each drive you plan to use.
The installation user must also be able to update the Windows registry on each node in the cluster. To verify the installation user is configured, perform the following steps:
From the File menu select Connect Network Registry.
In the 'Enter the object name…' edit box enter the name of a remote node in the cluster, then click OK.
Wait for the node to appear in the registry tree.
If the remote node does not appear in the registry tree or you are prompted to fill in a username and password, then you must resolve the permissions issue at the operating system level before proceeding with the Oracle Grid Infrastructure installation.
Note:
For the installation to be successful, you must use the same user name and password on each node in a cluster or use a domain user. You must explicitly grant membership in the local Administrators group to domain users on all of the nodes in your cluster.To ensure that only trusted applications run on your computer, Windows Server 2008 and Windows Server 2008 R2 provide User Account Control. If you have enabled this security feature, then depending on how you have configured it, OUI prompts you for either your consent or your credentials when installing Oracle Database. Provide either the consent or your Windows Administrator credentials as appropriate.
You must have Administrator privileges to run some Oracle tools, such as DBCA, NETCA, and OPatch, or to run any tool or application that writes to any directory within the Oracle home. If User Account Control is enabled and you are logged in as the local Administrator, then you can successfully run each of these commands. However, if you are logged in as "a member of the Administrators group," then you must explicitly run these tools with Windows Administrator privileges.
All of the Oracle shortcuts that require Administrator privileges are automatically run as an "Administrator" user when you click the shortcuts. However, if you run the previously mentioned tools from a Windows command prompt, then you must run them from an Administrator command prompt. OPatch does not have a shortcut and must be run from an Administrator command prompt.
During installation, you are prompted to provide a path to a home directory to store Oracle Grid Infrastructure software. You also need to provide a home directory when installation Oracle RAC. Each directory has certain requirements that must be met for the software to work correctly.
Oracle Universal Installer creates the directories during installation if they do not exist.
About the Directories Used During Installation of Oracle Grid Infrastructure
Requirements for the Oracle Grid Infrastructure Home Directory
OUI uses several directories during installation of Oracle Grid Infrastructure.
Note:
The base directory for Oracle Grid Infrastructure 12c and the base directory for Oracle RAC 12c must be different from the directories used by the Oracle RAC 11g Release 2 installation.To install properly across all nodes, OUI uses the temporary folders defined within Microsoft Windows. The TEMP and TMP environment variables should point to the same local directory on all nodes in the cluster. By default, these settings are defined as %USERPROFILE%\Local Settings\Temp and %USERPROFILE%\Local Settings\Tmp in the Environment Settings of My Computer. It is recommended to explicitly redefine these as %WINDIR%\temp and %WINDIR%\tmp, for example, C:\Windows\temp or C:\Windows\tmp for all nodes, if Windows is installed on the C drive.
The directory that Oracle Grid Infrastructure is installed in is the Grid home. When installing Oracle Grid Infrastructure, you must determine the location of the Grid home. Oracle ASM is also installed in this home directory.
If you plan to install Oracle RAC, you must choose a different directory in which to install the Oracle Database software. The location of the Oracle RAC installation is the Oracle home.
During installation, you are prompted to specify an Oracle base location, which is owned by the user performing the installation. You can choose a location with an existing Oracle home, or choose another directory location that does not have the structure for an Oracle base directory.
If you install Oracle Database 12c Release 1 (12.1) on a computer with no other Oracle software installed, OUI creates an Oracle base directory for you. If Oracle software is already installed, then one or more Oracle base directories already exist. In the latter case, OUI offers you a choice of Oracle base directories to use during installation.
Caution:
After installing Oracle Database 12c Release 1 (12.1) (or later) release with a Windows User Account as Oracle Home User, do not install older releases of Oracle Databases that share the same Oracle Base Directory. During installation of the software for older releases, the ACLs are reset and Oracle Database 12c Release 1 (12.1) (or later) services may not be able to access the Oracle Base directory and files.In a default Windows installation, the Oracle base directory appears as follows, where X represents a disk drive and username is the name of the currently logged in user:
X:\app\username
Using the Oracle base directory path helps to facilitate the organization of Oracle installations, and helps to ensure that installations of multiple databases maintain an Optimal Flexible Architecture (OFA) configuration.
The Oracle base directory for the Oracle Grid Infrastructure installation is the location where diagnostic and administrative logs, and other logs associated with Oracle ASM and Oracle Clusterware are stored. For Oracle installations other than Oracle Grid Infrastructure for a cluster, the Oracle base directory is also the location under which an Oracle home is placed.
However, for an Oracle Grid Infrastructure installation, you must create a different path for the Grid home, so that the path for Oracle base remains available for other Oracle installations. You can have only one active Oracle Grid Infrastructure installation on a cluster, and all upgrades are out-of-place upgrades. Because of this, Oracle recommends that you create both an Oracle base for the Grid Installation User (grid), and an Oracle home for the Oracle Grid Infrastructure binaries using the release number of that installation. For example, use the following path to create an Oracle Grid Infrastructure home (Grid home):
D:\app\12.1.0\grid
During installation, ownership of the path to the Grid home is changed to the LocalSystem user. If you do not create a unique path to the Grid home, then after the Oracle Grid Infrastructure installation, you might encounter permission errors for other installations, including any existing installations under the same path.
Caution:
For Oracle Grid Infrastructure (for a cluster) installations, note the following restrictions for the Oracle Grid Infrastructure home (the Grid home directory for Oracle Grid Infrastructure):It must not be placed under one of the Oracle base directories, including the Oracle base directory of the Oracle Grid Infrastructure installation owner.
It must not be placed in the home directory of an installation owner.
These requirements are specific to Oracle Grid Infrastructure for a cluster installations. Oracle Grid Infrastructure for a standalone server (Oracle Restart) can be installed under the Oracle base for the Oracle Database installation.
Oracle recommends that you let the Oracle Universal Installer create the Oracle Grid Infrastructure Grid home and Oracle base directories.
Note:
Placing Oracle Grid Infrastructure for a cluster binaries on a cluster file system is not supported.Oracle recommends that you install Oracle Grid Infrastructure locally, on each cluster member node. Using a shared Grid home prevents rolling upgrades, and creates a single point of failure for the cluster.
The Oracle Inventory directory is the central inventory location for all Oracle software installed on a server. By default, the location of the Oracle Inventory directory is C:\Program Files\Oracle\Inventory. This directory is created automatically the first time you install Oracle software on a Windows server.
Ensure that the directory path you specify meets the following requirements:
It is located in a path outside existing Oracle homes, including Oracle Clusterware homes.
It is not located in a user home directory.
If you create the path before installation, then the Oracle Installation user for Oracle Grid Infrastructure can create the directories in the path.
Oracle recommends that you install Oracle Grid Infrastructure on local homes, rather than using a shared home on shared storage.
For installations with Oracle Grid Infrastructure only, Oracle recommends that you create a path compliant with Oracle Optimal Flexible Architecture (OFA) guidelines, so that Oracle Universal Installer (OUI) can select that directory during installation.
Note:
Oracle Grid Infrastructure homes can be placed in a local home on servers, even if your existing Oracle Clusterware home from a prior release is in a shared location.If you are installing Oracle Grid Infrastructure for a database (Oracle Restart), then the home directory for Oracle Restart can be under the Oracle base directory for the Oracle Installation user for Oracle Database. Refer to Oracle Database Installation Guide for your platform for more information about Oracle Restart.
The Oracle base directory for the Oracle Installation User for Oracle Grid Infrastructure is the location where diagnostic and administrative logs, and other logs associated with Oracle ASM and Oracle Clusterware are stored. If the directory or path you specify during installation for the Grid home does not exist, then OUI creates the directory.
Note:
Placing Oracle Grid Infrastructure for a cluster binaries on a cluster file system is not supported.
The base directory for Oracle Grid Infrastructure 12c and the base directory for Oracle RAC 12c must be different from the directories used by the Oracle RAC 11g Release 2 installation.
See Also:
Section C.1.3, "Understanding the Oracle Base Directory" for more information about the Oracle Base directoryIntelligent Platform Management Interface (IPMI) provides a set of common interfaces to computer hardware and firmware that system administrators can use to monitor system health and manage the system. Oracle Clusterware can integrate IPMI to provide failure isolation support and to ensure cluster integrity.
You can configure node-termination with IPMI during installation by selecting a node-termination protocol, such as IPMI. You can also configure IPMI after installation with crsctl commands.
See Also:
Oracle Clusterware Administration and Deployment Guide for information about how to configure IPMI after installationYou must have the following hardware and software configured to enable cluster nodes to be managed with IPMI:
Each cluster member node requires a Baseboard Management Controller (BMC) running firmware compatible with IPMI version 1.5 or greater, which supports IPMI over local area networks (LANs), and configured for remote control using LAN.
Note:
On servers running Windows Server 2008, you may have to upgrade the basic I/O system (BIOS), system firmware, and BMC firmware before you can use IPMI. Refer to Microsoft Support Article ID 950257 (http://support.microsoft.com/kb/950257) for details.Each cluster member node requires an IPMI driver installed on each node.
The cluster requires a management network for IPMI. This can be a shared network, but Oracle recommends that you configure a dedicated network.
Each cluster member node's Ethernet port used by BMC must be connected to the IPMI management network.
Each cluster member must be connected to the management network.
Some server platforms put their network interfaces into a power saving mode when they are powered off. In this case, they may operate only at a lower link speed (for example, 100 megabyte (MB), instead of 1 GB). For these platforms, the network switch port to which the BMC is connected must be able to auto-negotiate down to the lower speed, or IPMI will not function properly.
Note:
IPMI operates on the physical hardware platform through the network interface of the Baseboard Management Controller (BMC). Depending on your system configuration, an IPMI-initiated restart of a server can affect all virtual environments hosted on the server. Contact your hardware and OS vendor for more information.You can configure the BMC for DHCP, or for static IP addresses. Oracle recommends that you configure the BMC for dynamic IP address assignment using DHCP. To use this option, you must have a DHCP server configured to assign the BMC IP addresses.
Note:
If you configure IPMI, and you use GNS, then you still must configure separate addresses for the IPMI interfaces. Because the IPMI adapter is not seen directly by the host, the IPMI adapter is not visible to GNS as an address on the host.For Oracle Clusterware to communicate with the BMC, the IPMI driver must be installed permanently on each node, so that it is available on system restarts. On Windows systems, the implementation assumes the Microsoft IPMI driver (ipmidrv.sys) is installed, which is included with the Windows Server 2008 and later versions of the Windows operating system. The driver is included as part of the Hardware Management feature, which includes the driver and the Windows Management Interface (WMI).
Note:
An alternate driver (imbdrv.sys) is available from Intel as part of Intel Server Control, but this driver has not been tested with Oracle Clusterware.
Hardware management is installed using the Add/Remove Windows Components Wizard.
Press Start, then select Control Panel.
Select Add or Remove Programs.
Click Add/Remove Windows Components.
Select (but do not check) Management and Monitoring Tools and click the Details button to display the detailed components selection window.
Select the Hardware Management option.
If a BMC is detected through the system management BIOS (SMBIOS) Table Type 38h, then a dialog box will be displayed instructing you to remove any third party drivers. If no third party IPMI drivers are installed or they have been removed from the system, then click OK to continue.
Note:
The Microsoft driver is incompatible with other drivers. Any third party drivers must be removedClick OK to select the Hardware Management Component, and then click Next.
Hardware Management (including Windows Remote Management, or WinRM) will be installed.
After the driver and hardware management have been installed, the BMC should be visible in the Windows Device Manager under System devices with the label "Microsoft Generic IPMI Compliant Device". If the BMC is not automatically detected by the plug and play system, then the device must be created manually.
To create the IPMI device, run the following command:
rundll32 ipmisetp.dll,AddTheDevice