5 Rapid Home Provisioning

Rapid Home Provisioning is a method of deploying software homes to nodes in a cloud computing environment from a single cluster where you create, store, and manage templates of Oracle homes as images (called gold images) of Oracle software, such as databases, middleware, and applications. You can make a working copy of any gold image, and then you can provision that working copy to any node in the cloud.

You store the gold images in a repository located on a Rapid Home Provisioning Server, which runs on one server in the Rapid Home Provisioning Server cluster that is a highly available provisioning system. This provisioning method simplifies quick patching of Oracle homes, thereby minimizing or completely eliminating downtime.

Also, using Rapid Home Provisioning, you can provision Oracle Database software for the various versions of the Oracle Database releases, such as 10.2.0.5 (Oracle Database 10g), 11.2.0.x (Oracle Database 11g), 12.1.0.1, and 12.1.0.2 (Oracle Database 12c). When you provision such software, Rapid Home Provisioning offers additional features for creating various types of databases (such as Oracle Real Application Clusters (Oracle RAC), single instance, and Oracle Real Application Clusters One Node (Oracle RAC One Node) databases) on different types of storage, and other options, such as using templates and creating container databases (CDBs). Rapid Home Provisioning makes patching of database software more efficient, allowing for rapid and remote patching of the software, in most cases, without any downtime for the database.

See Also:

Oracle Real Application Clusters Installation Guide for your platform for more information about provisioning Oracle Database software

Notes:

  • Oracle does not support Rapid Home Provisioning on Windows operating systems.

  • In Oracle Database 12c release 1 (12.1), the Rapid Home Provisioning Server does not manage operating system images or Oracle Grid Infrastructure homes.

Rapid Home Provisioning simplifies maintenance in large environments because you have only to update software homes one time on the Rapid Home Provisioning Server.

Rapid Home Provisioning Architecture

The Rapid Home Provisioning architecture consists of Rapid Home Provisioning Servers and Rapid Home Provisioning Clients, and there is a Rapid Home Provisioning Server cluster and a Rapid Home Provisioning cluster.

The Rapid Home Provisioning Server cluster is a repository for all data, of which there are primarily two types:

  • Gold images

  • Metadata related to users, roles, permissions, and identities

The Rapid Home Provisioning Server acts as a central server for provisioning Oracle homes, making them available on Rapid Home Provisioning Client clusters.

Users operate on the Rapid Home Provisioning Server or Rapid Home Provisioning Client cluster site to request deployment of Oracle homes or to query gold images. When a user makes a request for an Oracle home, specifying a gold image, the Rapid Home Provisioning Client communicates with the Rapid Home Provisioning Server to pass on the request. The Rapid Home Provisioning Server processes the request by taking appropriate action to instantiate a copy of the gold image, and to make it available to the Rapid Home Provisioning Client cluster using available technologies such as Oracle Automatic Storage Management Cluster File System (Oracle ACFS), network file systems (NFSs), and snapshots.

Rapid Home Provisioning Server

The Rapid Home Provisioning Server is a highly available software provisioning system that uses Oracle Automatic Storage Management (Oracle ASM), Oracle Automatic Storage Management Cluster File System (Oracle ACFS), Grid Naming Service (GNS), and other components. The Rapid Home Provisioning Server primarily acts as a central server for provisioning Oracle homes, making them available to Rapid Home Provisioning Clients.

Features of the Rapid Home Provisioning Server:

  • Efficiently stores gold images for the managed homes, including separate binaries, and metadata related to users, roles, and permissions.

  • Provides highly available network file system (HANFS) exports for homes accessed using mounts on remote clusters.

  • Provides a list of available homes to clients upon request.

  • Lets you patch a software home once and then deploy the home to any Rapid Home Provisioning Client, instead of patching every site.

  • Provides the ability to report on existing deployments.

Rapid Home Provisioning Client

The Rapid Home Provisioning Client is part of the Oracle Grid Infrastructure installed on all servers in the cloud. Users operate on a Rapid Home Provisioning Client to perform tasks such as requesting deployment of Oracle homes and listing available gold images. When a user requests an Oracle home specifying a gold image, the Rapid Home Provisioning Client communicates with the Rapid Home Provisioning Server to pass on the request. The Rapid Home Provisioning Server processes the request by instantiating a working copy of the gold image and making it available to the Rapid Home Provisioning Client using Oracle ACFS (recommended), a different local file system, or through NFS.

The Rapid Home Provisioning Client:

  • Utilizes Oracle ACFS to store working copies which can be rapidly provisioned as local homes; new homes can be quickly created or undone using Oracle ACFS snapshots.

    Note:

    Oracle supports using other local file systems besides Oracle ACFS.
  • Provides a list of available homes from the Rapid Home Provisioning Server.

  • Allows high availability NFS (HANFS) mounts from the Rapid Home Provisioning Server to be provisioned as working copies on the Rapid Home Provisioning Client cluster.

The NFS home client is a Rapid Home Provisioning Client that does not have Oracle ACFS installed, but can still access the Rapid Home Provisioning Server through an NFS protocol. In an NFS protocol environment, the Rapid Home Provisioning Server must have a highly available NFS server configured so that the Rapid Home Provisioning Client will be highly available.

See Also:

"Creating a Rapid Home Provisioning Client" for more information

Rapid Home Provisioning Roles

An administrator assigns roles to gold image users with access-level permissions defined for each role. Users on Rapid Home Provisioning Clients are also assigned specific roles. Rapid Home Provisioning includes basic built-in and composite built-in roles.

Basic Built-In Roles

The basic built-in roles and their functions are:

  • GH_ROLE_ADMIN: An administrative role for everything related to roles. Users assigned this role are able to run rhpctl verb role commands.

  • GH_SITE_ADMIN: An administrative role for everything related to Rapid Home Provisioning Clients. Users assigned this role are able to run rhpctl verb client commands.

  • GH_SERIES_ADMIN: An administrative role for everything related to image series. Users assigned this role are able to run rhpctl verb series commands.

  • GH_SERIES_CONTRIB: Users assigned this role can add images to a series using the rhpctl insertimage series command, or delete images from a series using the rhpctl deleteimage series command.

  • GH_WC_ADMIN: An administrative role for everything related to working copies. Users assigned this role are able to run rhpctl verb workingcopy commands.

  • GH_WC_OPER: A role that enables users to create a working copy for themselves or others using the rhpctl add workingcopy command with the -user option (when creating for others). Users assigned this role do not have administrative privileges and can only administer the working copies that they create.

  • GH_WC_USER: A role that enables users to create a working copy using the rhpctl add workingcopy command. Users assigned this role do not have administrative privileges and can only delete working copies that they create.

  • GH_IMG_ADMIN: An administrative role for everything related to images. Users assigned this role are able to run rhpctl verb image commands.

  • GH_IMG_USER: A role that enables users to create an image using the rhpctl add | import image commands. Users assigned this role do not have administrative privileges and can only delete images that they create.

  • GH_IMG_TESTABLE: A role that enables users to add a working copy only when an image is in the TESTABLE state. Users assigned this role must also be assigned either the GH_WC_ADMIN role or the GH_WC_USER role to add a working copy.

  • GH_IMG_RESTRICT: A role that enables users to add a working copy only when an image is in the RESTRICTED state. Users assigned this role must also be assigned either the GH_WC_ADMIN role or the GH_WC_USER role to add a working copy.

  • GH_IMG_PUBLISH: Users assigned this role can promote an image to another state or retract an image from the PUBLISHED state to either the TESTABLE or RESTRICTED state.

  • GH_IMG_VISIBILITY: Users assigned this role can modify access to promoted or published images using the rhpctl allow | disallow image commands.

Composite Built-In Roles

The composite built-in roles and their functions are:

  • GH_SA: The Oracle Grid Infrastructure user on a Rapid Home Provisioning Server automatically inherits this role.

    The GH_SA role includes the following basic built-in roles: GH_ROLE_ADMIN, GH_SITE_ADMIN, GH_SERIES_ADMIN, GH_SERIES_CONTRIB, GH_WC_ADMIN, GH_IMG_ADMIN, GH_IMG_TESTABLE, GH_IMG_RESTRICT, GH_IMG_PUBLISH, and GH_IMG_VISIBILITY.

  • GH_CA: The Oracle Grid Infrastructure user on a Rapid Home Provisioning Client automatically inherits this role.

    The GH_CA role includes the following basic built-in roles: GH_SERIES_ADMIN, GH_SERIES_CONTRIB, GH_WC_ADMIN, GH_IMG_ADMIN, GH_IMG_TESTABLE, GH_IMG_RESTRICT, GH_IMG_PUBLISH, and GH_IMG_VISIBILITY.

  • GH_OPER: This role includes the following built-in roles: GH_WC_OPER, GH_SERIES_ADMIN, GH_IMG_TESTABLE, GH_IMG_RESTRICT, and GH_IMG_USER. Users assigned this role have limited access and cannot delete images.

Consider a gold image called G1 that is available on the Rapid Home Provisioning Server with the GH_WC_USER user role. This role allows users read-only permission on G1.

Further consider that a user, U1, on a Rapid Home Provisioning Client, CL1, has the GH_WC_USER role. If U1 requests to provision an Oracle home based on the gold image G1, then U1 can do so, because of the permissions granted by the GH_WC_USER role, which is also assigned to G1. If U1 requests to delete G1, however, then that request would be denied because the GH_WC_USER role does not have the necessary permissions.

The Rapid Home Provisioning Server can associate user-role mappings to the Rapid Home Provisioning Client. After the Rapid Home Provisioning Server delegates user-role mappings, the Rapid Home Provisioning Client can then modify user-role mappings on the Rapid Home Provisioning Server for all users that belong to the Rapid Home Provisioning Client. This is implied by the fact that only the Rapid Home Provisioning Server qualifies user IDs from a Rapid Home Provisioning Client site with the client cluster name of that site. Thus, the Rapid Home Provisioning Client CL1 will not be able to update user mappings of a user on CL2, where CL2 is the cluster name of a different Rapid Home Provisioning Client.

Rapid Home Provisioning Images

By default, when you create a gold image using either rhpctl import image or rhpctl add image, the image is ready to provision working copies. However, under certain conditions, you may want to restrict access to images to enable someone to test or validate the image before making it available for general use.

Image State

You can set the state of an image to TESTABLE or RESTRICTED so that only users with the GH_IMG_TESTABLE or GH_IMG_RESTRICT roles can provision working copies from this image. Once the image has been tested or validated, you can change the state and make the image available for general use by running the rhpctl promote image -image image_name -state PUBLISHED command. When you add a new gold image and do not specify the state in either the rhpctl add image or rhpctl import image command, the default image state is PUBLISHED.
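
The role and image-state rules above can be checked offline against a list of user-role mappings. The following Python model is an added example, not Oracle code: it expands the composite roles, applies the state-role rule, and flags accounts that can both create and publish gold images. The function names, the user@cluster notation and the sample mappings are assumptions made for illustration, and per-image access set with rhpctl allow | disallow image is not modelled.

```python
# Added example: offline model of the role rules on this page (not Oracle code).
COMPOSITE_ROLES = {
    "GH_SA": {"GH_ROLE_ADMIN", "GH_SITE_ADMIN", "GH_SERIES_ADMIN",
              "GH_SERIES_CONTRIB", "GH_WC_ADMIN", "GH_IMG_ADMIN",
              "GH_IMG_TESTABLE", "GH_IMG_RESTRICT", "GH_IMG_PUBLISH",
              "GH_IMG_VISIBILITY"},
    "GH_CA": {"GH_SERIES_ADMIN", "GH_SERIES_CONTRIB", "GH_WC_ADMIN",
              "GH_IMG_ADMIN", "GH_IMG_TESTABLE", "GH_IMG_RESTRICT",
              "GH_IMG_PUBLISH", "GH_IMG_VISIBILITY"},
    "GH_OPER": {"GH_WC_OPER", "GH_SERIES_ADMIN", "GH_IMG_TESTABLE",
                "GH_IMG_RESTRICT", "GH_IMG_USER"},
}
WC_CREATE_ROLES = {"GH_WC_ADMIN", "GH_WC_OPER", "GH_WC_USER"}
# The page names only these two as companions of the state roles. Whether
# GH_WC_OPER also suffices is not stated, so this model follows the page literally.
STATE_COMPANIONS = {"GH_WC_ADMIN", "GH_WC_USER"}
STATE_ROLE = {"TESTABLE": "GH_IMG_TESTABLE", "RESTRICTED": "GH_IMG_RESTRICT"}
IMAGE_CREATE_ROLES = {"GH_IMG_ADMIN", "GH_IMG_USER"}


def expand_roles(assigned):
    """Expand composite roles into the set of basic built-in roles."""
    basic = set()
    for role in assigned:
        basic |= COMPOSITE_ROLES.get(role, {role})
    return basic


def can_add_workingcopy(assigned, image_state):
    """Apply the working-copy rule for an image in the given state."""
    basic = expand_roles(assigned)
    if image_state == "PUBLISHED":
        return bool(basic & WC_CREATE_ROLES)
    if image_state not in STATE_ROLE:
        raise ValueError(f"unknown image state: {image_state}")
    return STATE_ROLE[image_state] in basic and bool(basic & STATE_COMPANIONS)


def client_may_modify(client_cluster, qualified_user):
    """A client may change mappings only for users qualified with its own cluster name."""
    user, _, cluster = qualified_user.rpartition("@")
    return bool(user) and cluster == client_cluster


def audit(mappings):
    """Return per-user findings for a {user@cluster: [roles]} mapping."""
    report = {}
    for user, assigned in mappings.items():
        basic = expand_roles(assigned)
        report[user] = {
            # States other than PUBLISHED from which the user can provision.
            "pre_release_states": [s for s in STATE_ROLE
                                   if can_add_workingcopy(assigned, s)],
            # State roles that have no effect without a companion role.
            "state_role_without_wc_role": sorted(
                r for r in STATE_ROLE.values()
                if r in basic and not basic & STATE_COMPANIONS),
            # One account can both create an image and promote it.
            "creates_and_publishes": bool(basic & IMAGE_CREATE_ROLES)
                                     and "GH_IMG_PUBLISH" in basic,
        }
    return report


# Constructed sample mappings (user@cluster is an assumed notation).
SAMPLE_MAPPINGS = {
    "U1@CL1": ["GH_WC_USER"],
    "builder@CL1": ["GH_IMG_USER", "GH_IMG_PUBLISH"],
    "tester@CL2": ["GH_IMG_TESTABLE"],
    "grid@CL1": ["GH_CA"],
}

if __name__ == "__main__":
    for user, findings in audit(SAMPLE_MAPPINGS).items():
        print(user, findings)
```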

Image Series

Using an image series is a convenient way to group different images into a logical sequence. Rapid Home Provisioning treats each image as an independent entity with respect to other images. No relationship is assumed between images, even if they follow some specific nomenclature. The image administrator names images in some logical manner that makes sense to its user community.

Use the rhpctl add series command to create an image series and associate one or more images to this series. The list of images in an image series is an ordered list. Use the rhpctl insertimage series and rhpctl deleteimage series to add and delete images in an image series. You can also change the order of images in a series using these commands.

Implementing Rapid Home Provisioning

After you install and configure Oracle Clusterware, you can configure and start Rapid Home Provisioning.

Creating a Rapid Home Provisioning Server

The Rapid Home Provisioning Server uses a repository that you create in an Oracle ACFS file system in which you store all the software homes that you want to make available to clients.

To create a Rapid Home Provisioning Server:

  1. Use the Oracle ASM configuration assistant (ASMCA) to create an Oracle ASM disk group on the Rapid Home Provisioning Server to store software, as follows:

    $ Grid_home/bin/asmca
    

    Because this disk group is used to store software, Oracle recommends a minimum of 1 TB for this disk group.

    Note:

    You must set Oracle ASM Dynamic Volume Manager (Oracle ADVM) compatibility settings for this disk group to 12.1.

    See Also:

    Oracle Automatic Storage Management Administrator's Guide for information about setting Oracle ASM disk group compatibility.
  2. Provide a mount path that exists on all nodes of the cluster. The Rapid Home Provisioning Server uses this path to mount gold images.

    $ mkdir -p storage_path/images
    
  3. As root, create the Rapid Home Provisioning Server resource, as follows:

    # Grid_home/bin/srvctl add rhpserver -storage storage_path
        -diskgroup disk_group_name
    
  4. Start the Rapid Home Provisioning Server, as follows:

    $ Grid_home/bin/srvctl start rhpserver
    

See Also:

"SRVCTL Command Reference" for more information about the SRVCTL commands used in this procedure

After you start the Rapid Home Provisioning Server, use the Rapid Home Provisioning Control (RHPCTL) utility to further manage Rapid Home Provisioning.

Adding Gold Images to the Rapid Home Provisioning Server

The Rapid Home Provisioning Server stores and serves gold images of software homes. These images must be instantiated on the Rapid Home Provisioning Server.

Note:

Images are read-only, and you cannot run programs from them. To create a usable software home from an image, you must create a working copy. You cannot directly use images as software homes. You can, however, use images to create working copies (software homes).

You can import software to the Rapid Home Provisioning Server using any one of the following methods:

  • You can import an image from an installed home on the Rapid Home Provisioning Server using the following command:

    rhpctl import image -image image_name -path path_to_installed_home
      [-imagetype ORACLEDBSOFTWARE | SOFTWARE]
    
  • You can import an image from an installed home on a Rapid Home Provisioning Client, using the following command run from the Rapid Home Provisioning Client:

    rhpctl import image -image image_name -path path_to_installed_home
    
  • You can create an image from an existing working copy using the following command:

    rhpctl add image -image image_name -workingcopy working_copy_name
    

The preceding commands create an Oracle ACFS file system in the Rapid Home Provisioning root directory, similar to the following:

/u01/rhp/images/images/RDBMS_121020617524

See Also:

Appendix F, "Rapid Home Provisioning and Server Control Command Reference" for more information about the preceding RHPCTL commands

Provisioning Software

After you import an image, you can provision software by adding a working copy either on the Rapid Home Provisioning Server or on the Rapid Home Provisioning Client. You can run the software provisioning command on either the Server or the Client.

  1. To provision software on the Rapid Home Provisioning Server:

    rhpctl add workingcopy -workingcopy working_copy_name -image image_name
    
  2. To create a working copy on the Rapid Home Provisioning Client:

    rhpctl add workingcopy -workingcopy working_copy_name -image image_name
       -storagetype storage_type -path path_to_software_home
    
  3. To create a working copy on the Rapid Home Provisioning Client from the Rapid Home Provisioning Server:

    rhpctl add workingcopy -workingcopy working_copy_name -image image_name
       -path path_to_software_home -client client_cluster_name
    

Notes:

  • The directory you specify in the -path parameter must be empty.

  • You can re-run the provisioning command in case of an interruption or failure due to system or user errors. After you fix the reported errors, re-run the command and it will resume from the point of failure.

See Also:

"Storage Space for Provisioned Software" for more information

Storage Space for Provisioned Software

You control storage space for provisioned software using the -storagetype and -path parameters of the rhpctl add workingcopy command. If you specify -path, then the application software will always be provisioned on the path you specify. If the file system of this path is shared among all of the nodes in the cluster, then the working copy will be created on this shared storage. If the file system is not shared, then the entire application software gets copied to the given path on every node in the cluster.

In addition to the -path parameter, if you specify -storagetype, then the type of storage you specify with this parameter is used. If you specify -storagetype NFS, then the path you provide is used as an NFS mount point. With NFS storage, the software resides on the Rapid Home Provisioning Server cluster, and is accessible as read/write on the Rapid Home Provisioning Client cluster over NFS. In this case, the same software is visible on all nodes of the remote cluster and is therefore shared across all nodes. You cannot specify NFS storage when provisioning software on the Rapid Home Provisioning Server cluster.

If you specify -storagetype LOCAL, then working copies are stored in user-provided file systems, and not in storage provided by Rapid Home Provisioning. If you did not specify the -path parameter, then a default Oracle home path, such as oracle_base_path/product/db_version/workingcopy_name, based on the value of the -oraclebase option is used to provision the database software. This path could be shared or non-shared.

If you do not specify the -storagetype and -path parameters, then the Rapid Home Provisioning Server uses the default storage type, RHP_MANAGED, and the Rapid Home Provisioning Server creates an Oracle ACFS shared file system. If you do not specify the -path parameter, then Rapid Home Provisioning creates an Oracle ACFS shared file system on the target cluster and makes the software available to the user from this file system. This can happen on the Rapid Home Provisioning Client cluster only if you configured the Rapid Home Provisioning Client with an Oracle ASM disk group.

Provisioning for a Different User

If you want a different user to provision software, then use the -user and -client parameters of the rhpctl add workingcopy command. If the provisioning is for the cluster from where you run the command, then you do not need to specify the -client parameter. When the provisioning is completed, all files and directories of the provisioned software are owned by the user you specified. Permissions on files on the remotely provisioned software are the same as the permissions that existed on the gold image from where you provisioned the application software.

Creating a Rapid Home Provisioning Client

Users operate on a Rapid Home Provisioning Client to perform tasks such as requesting deployment of Oracle homes and querying gold images.

To create a Rapid Home Provisioning Client:

  1. If there is no highly available VIP (HAVIP) on the Rapid Home Provisioning Server, then, as the root user, create an HAVIP, as follows:

    # srvctl add havip -id id -address {host_name | ip_address}
    

    You can specify either a host name or IPv4 or IPv6 IP address. The IP address that you specify for HAVIP or the address that is resolved from the specified host name must not be in use when you run this command.

    Note:

    The highly available VIP must be in the same subnet as the default network configured in the Rapid Home Provisioning Server cluster. You can obtain the subnet by running the following command:
    srvctl config network -netnum network_number
    

    See Also:

    Oracle Real Application Clusters Administration and Deployment Guide for more information about these SRVCTL commands
  2. On the Rapid Home Provisioning Server as the Grid home owner, create the client data file, as follows:

    $ rhpctl add client -client client_cluster_name -toclientdata path
    

    RHPCTL creates the client data file in the directory path you specify after the -toclientdata flag. The name of the client data file is client_cluster_name.xml.

    Note:

    The client_cluster_name must be unique and it must match the cluster name of the client cluster where you run step 4.

    See Also:

    Appendix F, "Rapid Home Provisioning and Server Control Command Reference" for more information about the rhpctl add client command
  3. Copy the client data file that you created in the previous step to a directory on the client cluster that has read/write permissions to the Grid home owner on the Rapid Home Provisioning Client.

  4. Create the Rapid Home Provisioning Client by running the following command as root on the client cluster:

    # srvctl add rhpclient -clientdata path_to_client_data
       [-diskgroup disk_group_name -storage base_path]
    

    If you want to provision working copies to Oracle ACFS storage on this cluster, and you have already created a disk group for this purpose, then specify this disk group in the preceding command. In this case, also specify a storage path which will be used as a base path for all mount points when creating Oracle ACFS file systems for storing working copies.

    Note:

    Once you configure a disk group on a Rapid Home Provisioning Client, you cannot remove it from or change it in the Rapid Home Provisioning Client configuration. The only way you can do either (change or remove) is to completely remove the Rapid Home Provisioning Client using the srvctl remove rhpclient command, and then add it back with a different disk group, if necessary. Before you remove a Rapid Home Provisioning Client, ensure that you remove all registered users from this cluster and all working copies provisioned on this cluster.
  5. Start the Rapid Home Provisioning Client, as follows:

    $ srvctl start rhpclient
    
  6. Check the status of the Rapid Home Provisioning Client, as follows:

    $ srvctl status rhpclient
    

Managing Rapid Home Provisioning Clients

Rapid Home Provisioning Client management tasks include:

Enabling and Disabling Rapid Home Provisioning Clients

Rapid Home Provisioning Clients communicate with the Rapid Home Provisioning Server for all actions. You cannot run any RHPCTL commands without a connection to a Rapid Home Provisioning Server.

From the Rapid Home Provisioning Server, you can enable or disable Rapid Home Provisioning Clients by running the following command from the Rapid Home Provisioning Server cluster:

$ rhpctl modify client -client client_name -enabled TRUE | FALSE

To enable a Rapid Home Provisioning Client, specify -enabled TRUE. Conversely, specify -enabled FALSE to disable the client. When you disable a Rapid Home Provisioning Client cluster, all RHPCTL commands from that client cluster will be rejected by the Rapid Home Provisioning Server, unless and until you re-enable the client.

Note:

Disabling a Rapid Home Provisioning Client cluster does not disable any existing working copies on the client cluster. The working copies will continue to function and any databases in those working copies will continue to run, even if their Oracle home storage comes from the Rapid Home Provisioning Server cluster over NFS.

Creating Users and Assigning Roles for Rapid Home Provisioning Client Cluster Users

Use the -maproles parameter with the rhpctl add client command to create users and assign roles to Rapid Home Provisioning Client users. You can associate multiple users with roles, or you can assign a single user multiple roles with this command.

Managing the Rapid Home Provisioning Client Password

The Rapid Home Provisioning Client uses a password stored internally to authenticate itself with the Rapid Home Provisioning Server. You cannot query this password. However, if you are required to reset it, then you can do so as follows on the Rapid Home Provisioning Server cluster:

  1. Run the following command on the Rapid Home Provisioning Server cluster to generate a new password and store it in the client credential:

    $ rhpctl modify client -client client_name -password
    
  2. Run the following command on the Rapid Home Provisioning Server cluster to generate a credential file:

    $ rhpctl export client -client client_name -clientdata file_path
    

    For example, to generate a credential file for a Rapid Home Provisioning Client named mjk9394:

    $ rhpctl export client -client mjk9394 -clientdata /tmp/mjk9394.xml
    
  3. Continuing with the preceding example, transport the generated credential file securely to the Rapid Home Provisioning Client cluster and then run the following command on any node in the Rapid Home Provisioning Client cluster:

    $ srvctl modify rhpclient -clientdata path_to_mjk9394.xml
    
  4. Restart the Rapid Home Provisioning Client daemon by running the following commands on the Rapid Home Provisioning Client cluster:

    $ srvctl stop rhpclient
    $ srvctl start rhpclient
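
Step 3 asks for the credential file to be transported securely, and the example in step 2 writes it to a shared directory such as /tmp. The following Python check is an added example, not Oracle code: it inspects an exported client data file for loose permissions and a world-writable parent directory, and returns a SHA-256 digest that can be compared on both clusters after the copy. The function names and the file contents and directories used in demo() are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile


def check_clientdata_file(path):
    """Return (findings, sha256_hex) for an exported client data file."""
    findings = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        findings.append("path is a symbolic link")
        st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
        return findings, None
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group or other users have access (mode %o)"
                        % stat.S_IMODE(st.st_mode))
    if st.st_uid != os.geteuid():
        findings.append("file is not owned by the current user")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH:
        findings.append("parent directory is world-writable")
    # Digest to compare on the server and client clusters after transport.
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return findings, digest.hexdigest()


def demo():
    """Constructed demonstration: the same file stored loosely and tightly."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        shared = os.path.join(base, "shared")    # stands in for a /tmp-like directory
        private = os.path.join(base, "private")  # owner-only staging directory
        os.mkdir(shared)
        os.chmod(shared, 0o1777)
        os.mkdir(private)
        os.chmod(private, 0o700)
        cases = (("loose", shared, 0o644), ("tight", private, 0o600))
        for name, directory, mode in cases:
            path = os.path.join(directory, "client_cluster_name.xml")
            with open(path, "wb") as fh:
                fh.write(b"<constructed-placeholder/>")  # not real client data
            os.chmod(path, mode)
            results[name] = check_clientdata_file(path)
    return results


if __name__ == "__main__":
    for name, (findings, digest) in demo().items():
        print(name, findings or "no findings", digest)
```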