Autonomous Health Framework Scope (AHF Scope)
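orachk/exachk (compliance framework), tfa (log analyzer)
I. Installation
/ahf_setup
Installing Oracle Autonomous Health Framework as root on Linux or Solaris automatically sets up and runs the Oracle ORAchk or Oracle EXAchk daemon. The daemon runs a full local Oracle ORAchk check at 3 a.m. once a week, and a partial run of the most impactful checks at 2 a.m. every day through the oratier1 or exatier1 profile. After one week, the daemon automatically purges the daily oratier1 or exatier1 profile runs. The daemon also automatically purges the full local runs after two weeks.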
II. orachk/exachk
1. Start and load the default schedulers
exachk -autostart reset
orachk -autostart reset
ahfctl compliance -autostart reset
2. Remove all default unmodified schedulers
exachk -autostop unset
orachk -autostop unset
ahfctl compliance -autostop unset
3. Use cases
- autostop and then -autostart
autostop will only deconfigure the compliance and autostart will start the compliance and load all the schedulers that were present before autostop.
- autostop unset and then -autostart
autostop unset will deconfigure the compliance and remove all the default unmodified schedulers and autostart will start the compliance and load the user-defined schedulers and modified default schedulers if they exist.
- autostop and then -autostart reset
autostop will only deconfigure the compliance and autostart reset will start the compliance and only load the default schedulers.
- autostop unset and then -autostart reset
autostop unset will deconfigure the compliance and remove all the default unmodified schedulers and autostart reset will start the compliance and only load the default schedulers.
Get configuration information
orachk -get all
4. Configure email
tfactl set ahfnotificationaddress="test-user1@example.com test-user1@example.com"
Get the list of configured email addresses
tfactl get ahfnotificationaddress
Remove the email addresses
tfactl unset ahfnotificationaddress
Multiple email addresses
orachk -set "NOTIFICATION_EMAIL=some.person@acompany.com,another.person@acompany.com"
orachk email. Specify an id; if none is specified, default is used
orachk -id dba -set "NOTIFICATION_EMAIL=some.person@acompany.com,another.person@acompany.com"
tfa email
tfactl set notificationAddress=os_user:email
III. tfa commands
Grant access to other users
tfactl access
tfactl [command][options]
Authorize a non-root user to use tfa
tfactl access grant -user user_name -role privileged-compliance-checks
IV. orachk/tfa management
systemctl status oracle-tfa.service
systemctl start oracle-tfa.service
systemctl stop oracle-tfa.service
systemctl status oracle-orachkscheduler.service
systemctl start oracle-orachkscheduler.service
systemctl stop oracle-orachkscheduler.service
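oracle-tfa.service is started by default; oracle-orachkscheduler.service is not started by default.
To run the status, start, or stop commands for oracle-orachkscheduler.service, you must first run tfactl stop ahf and orachk -autostart
V. orachk compliance checks
1. Get reports
Report locations are shown in the orachk log output, or can be listed with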
ahfctl showrepo
2. Automatic collection
Runs at 3 a.m. every day, and at 2 a.m. every day through the oratier1 and exatier1 profiles. The daily runs are purged after one week. Everything is purged after two weeks.
3. Modify the configuration
Run every Sunday at 3 o'clock and send email
orachk -set "AUTORUN_SCHEDULE=3 * * 0 ;NOTIFICATION_EMAIL=some.body@example.com"
Change the profile name
orachk -id dba -set "AUTORUN_SCHEDULE=3 * * 0;NOTIFICATION_EMAIL=some.body@example.com"
Start
orachk -autostart
Start with the defaults
orachk -autostart reset
Run orachk using the tfa daemon
orachk -autostatus
Compare reports
orachk -diff report_1 report_2
Pre-upgrade check
orachk -u -o pre
Post-upgrade check
orachk -u -o post
Synchronous remote run
orachk -remotehost node2 -profile asm -remoteuser root -remotedestdir /scratch/user/ -identitydir /scratch/user/privatekeys/
Asynchronous remote run
orachk -remotehost remote_host remote_args -remoteuser remote_user -remotedestdir remote_dest_dir -identitydir PRIVATEKEYDIR -asynch
VI. Profile management
1. Create a profile
orachk -createprofile profile_name check_ids
orachk -createprofile customprofile1 E94AC6ACDA502F3BE04312C0E50A290A,
F01E3FEDBD2B243EE04312C0E50A4DC5,
F02293F7261D1BCAE04312C0E50A4118,
F9370B4F5707076DE04312C0E50A78AE
Validating checks...
Profile customprofile1 created successfully...
2. Modify a profile
The profile name cannot be changed. You can only add or remove check IDs in a profile.
orachk -modifyprofile profile_name check_ids
exachk -modifyprofile customprofile1 21B57D4065DDEA3DE0530D98EB0A8205,
Validating checks...
Modifying profile customprofile1...
Profile customprofile1 modified successfully...
Added Checks:
21B57D4065DDEA3DE0530D98EB0A8205
9AD8AF3966FB3027E040E50A1EC0308F
019F5085951978CAE05313C0E50A4FCB
--------------------------------
Removed Checks:
39128FBB540C098AE0530D98EB0AFB1A
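3. Delete a profile
orachk -deleteprofile profile_name
VII. Sanitizing sensitive information
1. Sanitize sensitive information in collections
The -sanitize option was deprecated and removed in 23.3. Oracle recommends using the ahfctl redact command instead.
orachk -sanitize comma_delimited_list_of_collection_IDs
Print the reverse map of sanitized elements (their values before sanitization)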
orachk -rmap all|comma_delimited_list_of_element_IDs
orachk -rmap pu406jKxg,kEvGFDT
orachk -rmap all
2. Sanitize sensitive information in orachk output
orachk -sanitize new/orachk_node061919_053119_001343.zip
orachk -sanitize .orachk_node061919_053119_001343.zip
orachk -sanitize new/orachk_debug_053119_023653.log
orachk -localonly -profile asm -sanitize -silentforce
VIII. Automatic problem repair
orachk -showrepair DCB4C2CB907F4C76E04312C0E50A7667
ahfctl compliance -repairall -check DCB4C2CB907F4C76E04312C0E50A7667
orachk -repair all
orachk -repair DCB4C2CB907F4C76E04312C0E50A7667
orachk -repair file
exachk -repair check_id,[check_id,check_id...]
exachk -repair file
IX. Security assistant tool
orachk -profile security
X. Automatic upgrade tool
XI. Automatic runs
Syntax
orachk -set "option_1=option_1_value;option_2=option_2_value;option_n=option_n_value"
Parameters
AUTORUN_SCHEDULE=minute hour day month day_of_week
XII. Query status
Query the daemon status
orachk -autostatus
Automatic restart
orachk -initsetup
orachk -initcheck
XIII. On-demand runs
orachk -u -o pre
orachk -u -o post
Interactive
orachk -nodaemon
Email
orachk -sendemail "NOTIFICATION_EMAIL=email_recipients"
Silent run
orachk -s
orachk -S
XIV. Report management
Temporary directory
export RAT_TMPDIR=/tmp
orachk
oracle ALL=(root) NOPASSWD:/tmp/root_orachk.sh
Report directory
orachk -output output_dir
export RAT_OUTPUT=output_dir
orachk
Without the health score section
orachk -noscore
Without the passed checks
orachk -nopass
Without the scorecard
orachk -m
Tag
orachk -tag tag_name
Compare
orachk -diff report_1 report_2
Remove snapshots
orachk -fileattr remove
Run only the file attribute change check
orachk -fileattr check -fileattronly
Baseline
orachk -fileattr check -baseline path_to_snapshot
Reduce accumulated data files
export RAT_PURGE_SIZE=1024   # MB
exachk
COLLECTION_RETENTION: any files older than the selected retention date are deleted at the end of a daemon-run Oracle ORAchk or Oracle EXAchk run
exachk -id fname -set "AUTORUN_SCHEDULE=* * * *;\
NOTIFICATION_EMAIL=fname.lname@somewhere.com;\
COLLECTION_RETENTION=1;\
AUTORUN_FLAGS=-profile switch"
XV. Subsets
Oracle Clusterware and Oracle Database pre-upgrade checks
orachk -preupgrade
Oracle Clusterware and Oracle Database post-upgrade checks
orachk -postupgrade
Database checks
orachk -dball
orachk -dbnames db1,db2,db3
orachk -pdbnames pdb1,pdb2,pdb3
orachk -clusternodes node1,node2,node3
orachk -localonly
orachk -cell cell1,cell2,cell3
orachk -ibswitches switch1,switch2
Oracle Autonomous Health Framework supports Oracle Grid Infrastructure standalone checks where no database is installed.
orachk -nordbms
Using profiles with Oracle Autonomous Health Framework
Profile Description
asm Oracle Automatic Storage Management checks.
exatier1 Exadata only checks with a critical alert level. These represent the top tier of problems with the most severe likely impact. You must fix the problems marked as critical as soon as possible.
patches Oracle patch checks.
bi_middleware Oracle Business Intelligence checks.
clusterware Oracle Clusterware checks.
compute_node Compute Node checks (Oracle Exalogic only).
control_VM Checks only for Oracle Virtual Machine Control VM (ec1-vm, ovmm, db, pc1, pc2). No cross-node checks.
corroborate Oracle Exadata checks, which you must review to determine pass or fail.
dba Database Administrator (DBA) Checks.
ebs Oracle E-Business Suite checks.
el_extensive Extensive EL checks.
el_lite Exalogic-Lite Checks (Oracle Exalogic Only).
el_rackcompare Data Collection for Exalogic Rack Comparison Tool (Oracle Exalogic Only).
emagent Oracle Enterprise Manager Cloud Control agent checks.
emoms Oracle Enterprise Manager Cloud Control management server.
em Oracle Enterprise Manager Cloud Control checks.
goldengate Oracle GoldenGate checks.
hardware Hardware-specific checks for Oracle Engineered systems.
maa Maximum Availability Architecture Checks.
nimbula Nimbula checks for Oracle Exalogic.
oam Oracle Access Manager checks.
obiee OBIEE Checks (Oracle Exalytics Only)
oim Oracle Identity Manager checks.
oud Oracle Unified Directory server checks.
ovn Oracle Virtual Networking.
peoplesoft Peoplesoft best practices.
platinum Platinum certification checks.
preinstall Preinstallation checks.
prepatch Checks to complete before patching.
security Security checks.
siebel Siebel Checks.
solaris_cluster Oracle Solaris Cluster Checks.
storage Oracle Storage Server Checks.
switch InfiniBand switch checks.
sysadmin System administrator checks.
timesten Oracle TimesTen checks (Oracle Exalytics Only).
user_defined_checks Run user-defined checks from user_defined_checks.xml.
virtual_infra Oracle VM Server (OVS), Control VM, network time protocol (NTP), and stale virtual network interface cards (VNICs) check (Oracle Exalogic Only).
zfs Oracle ZFS Storage Appliances checks (Oracle Exalogic Only).
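Exclude individual items
orachk -profile dba,clusterware
orachk -excludeprofile dba,clusterware,ebs
Run individual checks
orachk -check 0829D67E8B1549AFE05312C0E50AD04F,CB95A1BF5B1160ACE0431EC0E50A12EE
Reports can be integrated with Enterprise Manager or third-party tools.
XVI. Administration
Password management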
tfactl setpassword
tfactl checkpassword
tfactl unsetpassword
XVII. Automatic diagnostic collections
tfactl set autodiagcollect=ON|OFF
Trigger conditions
ORA-297(01|02|03|08|09|10|40)
ORA-00600
ORA-07445
ORA-04(69|([7-8][0-9]|9([0-3]|[5-8])))
ORA-32701
ORA-00494
ORA-04020
ORA-04021
ORA-01578
ORA-00700
System State dumped
RS-016(07|10|11|12)
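To preview which alert-log entries fall under the trigger list above, the patterns can be applied with grep. This is an added example, not Oracle's code: the function names and the sample log lines are constructed, and it assumes each pattern is matched per line as an extended regular expression.

```shell
#!/bin/sh
# Added example (not part of AHF). Patterns are copied verbatim from the
# trigger list above; assumption: each is matched per line as an ERE.
AHF_TRIGGERS='ORA-297(01|02|03|08|09|10|40)
ORA-00600
ORA-07445
ORA-04(69|([7-8][0-9]|9([0-3]|[5-8])))
ORA-32701
ORA-00494
ORA-04020
ORA-04021
ORA-01578
ORA-00700
System State dumped
RS-016(07|10|11|12)'

# Constructed sample alert-log lines, not taken from a real system.
sample_alert_log() {
cat <<'EOF'
2024-01-10T02:11:05 ORA-00600: internal error code, arguments: [constructed]
2024-01-10T02:11:09 ORA-07445: exception encountered: core dump [constructed]
2024-01-10T03:40:00 ORA-04031: unable to allocate shared memory
2024-01-10T04:02:17 ORA-29740: evicted by another instance
2024-01-10T04:02:18 ORA-29704: constructed non-trigger in the same range
2024-01-10T04:05:44 System State dumped to trace file (constructed)
2024-01-10T05:00:00 ORA-01555: snapshot too old
EOF
}

# Print the lines read from stdin that match any trigger pattern.
matching_events() { grep -E -e "$AHF_TRIGGERS" || true; }

# Print the number of stdin lines that match any trigger pattern.
count_triggers() { grep -E -c -e "$AHF_TRIGGERS" || true; }

# Print "<count> <pattern>" for every pattern with at least one hit.
trigger_summary() {
    log=$(cat)
    printf '%s\n' "$AHF_TRIGGERS" | while IFS= read -r pat; do
        n=$(printf '%s\n' "$log" | grep -E -c -e "$pat" || true)
        if [ "$n" -gt 0 ]; then printf '%s %s\n' "$n" "$pat"; fi
    done
}

sample_alert_log | trigger_summary
```

In the sample, ORA-04031 and ORA-29704 are not matched by any listed pattern, so under the stated assumption they would not start an automatic collection.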
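Configure email
tfactl set notificationAddress=os_user:email
1. Configure automatic collection of abnormal events
1) Configure Oracle Cluster Health Advisor to automatically collect abnormal events
tfactl set chaautocollect=ON
2) Enable Oracle Cluster Health Advisor notifications through Oracle Trace File Analyzer
tfactl set chanotification=on
3) Configure the email address that Oracle Cluster Health Advisor notifications are sent to
tfactl set notificationAddress=chatfa:john.doe@acompany.com
2. Redaction
Mask or sanitize sensitive data in collections
tfactl set redact=mask|sanitize|none
mask: masks sensitive data in all collections, for example replacing myhost1 with *******
sanitize: replaces sensitive data in all collections with random characters, for example replacing myhost1 with orzhmv1
none (default): does not mask or sanitize sensitive data in collections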
tfactl diagcollect -SRDC ORA-00600 -mask
tfactl diagcollect -SRDC ORA-00600 -sanitize
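Before a collection leaves the host, it is worth confirming that redaction removed the identifiers you care about. The check below is an added example, not part of AHF: residual_hits, collection_is_clean and the sample directory are hypothetical, and the file contents are constructed around the myhost1 example above.

```shell
#!/bin/sh
# Added example (not part of AHF): scan an unpacked collection for
# identifiers that redaction should have removed.

# Build a constructed stand-in for an unpacked collection directory.
make_sample_collection() {
    d=$(mktemp -d)
    mkdir -p "$d/node1"
    printf 'listener started on *******\n'      > "$d/node1/masked.log"
    printf 'listener started on orzhmv1\n'      > "$d/node1/sanitized.log"
    printf 'connect from MYHOST1.example.com\n' > "$d/node1/raw.trc"
    printf '%s\n' "$d"
}

# residual_hits DIR TOKEN...
# Print "token<TAB>relative/path" for every file that still contains a
# token. Matching is fixed-string and case-insensitive, so an upper-case
# or fully qualified form of a host name is caught as well.
residual_hits() {
    dir=$1
    shift
    for tok in "$@"; do
        grep -rliF -e "$tok" "$dir" 2>/dev/null | sort |
        while IFS= read -r f; do
            printf '%s\t%s\n' "$tok" "${f#"$dir"/}"
        done
    done
}

# Exit status 0 only when no token survives anywhere in DIR.
collection_is_clean() {
    [ -z "$(residual_hits "$@")" ]
}

demo=$(make_sample_collection)
residual_hits "$demo" myhost1 192.0.2.10
rm -rf "$demo"
```

Only the unredacted trace file is reported; the masked and sanitized files no longer contain the host name in any case variant.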
3. Flood control
View flood control status
tfactl get floodcontrol
View the limit
tfactl get fc.limit
Limit time
tfactl get fc.limittime
Pause time
tfactl get fc.pausetime
Details
tfactl floodcontrol print
Clear the configuration
tfactl floodcontrol clear -event orcl:ORA-00600:user1
Update the configuration
tfactl floodcontrol update -event orcl:ORA-00600:user1 -limit 10 -limittime 90 -pausetime 180
XVIII. On-demand configuration
View the summary
tfactl summary -help
Identify recent errors
tfactl analyze -last 1d
tfactl analyze -last 18h
tfactl analyze -search "ora-00600" -last 8h
XIX. Tool collection
orachk/exachk
oswatcher (oswbb)
procwatcher (prw)
oratop
alertsummary
ls
pstack
summary
grep
vi
param
tail
dbglevel
history
changes
calog
events
ps
managelogs
triage
tfactl toolstatus
tfactl run tool
tfactl
tfactl > database MyDB
MyDB tfactl > oratop
XX. Searching data
tfactl search -showdatatypes|-json [json_details]
tfactl search -json
tfactl diagcollect -srdc srdc_name
$ tfactl diagcollect
[-srdc srdc_profile]
[-sr sr_number]
[-tag tagname]
[-z filename]
[-last nh|d | -from time -to time | -for date]
[-database database]
tfactl diagcollect -srdc ORA-04031
tfactl diagcollect -srdc dbperf
tfactl diagcollect -srdc srdc_type -database db -from "date time" -to "date time"
XXI. Setting trace levels
tfactl dbglevel -set profile
tfactl dbglevel -help
tfactl [run] dbglevel
[ {-set|-unset} profile_name
-dependency [dep1,dep2,...|all]
-dependency_type [type1,type2,type3,...|all]
| {-view|-drop} profile_name
| -lsprofiles
| -lsmodules
| -lscomponents [module_name]
| -lsres
| -create profile_name [ -desc description
| [-includeunset] [-includetrace]
| -debugstate | -timeout time ]
| -modify profile_name [-includeunset] [-includetrace]
| -getstate [ -module module_name ]
| -active [profile_name]
| -describe [profile_name] ] ]
tfactl diagcollect -last n h|d
tfactl diagcollect -from "yyyy-mm-dd"
tfactl diagcollect -from "yyyy-mm-dd" -to "yyyy-mm-dd"
tfactl diagcollect -for "yyyy-mm-dd"
tfactl diagcollect
tfactl set maxfilecollectionsize=size_in_MB
tfactl diagcollect -node list of nodes
tfactl diagcollect -last 1d -node myserver65
tfactl diagcollect component
tfactl diagcollect -database hrdb,fdb -last 1d
tfactl diagcollect -crs -os -node node1,node2 -last 6h
tfactl diagcollect -asm -node node1 -from "2016-08-15" -to "2016-08-17"
tfactl diagcollect -collectdir dir1,dir2,...dirn
Change the collection name
-tag tagname
-z zip name
-silent
tfactl diagcollect -last 1d -notrim
-cores
1. Memory resource limits
ahfctl setresourcelimit -resource kmem -value 1024
ahfctl setresourcelimit -resource swmem -value 2048
setresourcelimit -value 0.5
2. Manage the repository
To change the minimum age for purging:
set minagetopurge=number of hours
To disable or enable automatic purging
set autopurge=ON|OFF
To change the repository location
set repositorydir=dir
To change the repository size
set reposizeMB
3. Manual purge
tfactl print repository
tfactl print collections
tfactl purge -older number[h|d] [-force]
4. Manage collection size
Trimming
tfactl set trimfiles=ON|OFF
tfactl set maxcorefilesize=n
tfactl set maxcorecollectionsize=n
tfactl blackout add -targettype database -target mydb -event "ORA-00600"
5. Hosts and ports
tfactl print hosts
tfactl syncnodes
tfactl host remove host
tfactl host add host
tfactl set port=port_1
tfactl set port=port_1,port_2,port_3,port_4,port_5
tfactl restart
tfactl set notificationAddress=os_user:email
tfactl set notificationAddress=another.body@example.com
tfactl set indexRecoveryMode=restore
tfactl set indexRecoveryMode=recreate
XXII. Managing Automatic Diagnostic Repository logs and trace files
tfactl managelogs -older nm|h|d Files from past 'n' [d]ays or 'n' [h]ours or 'n' [m]inutes
To limit purge or show operations to files older than a specific time
tfactl managelogs -purge -older 30d -dryrun
tfactl managelogs -purge -older 30d
To estimate how many files would be removed and how much space would be freed
tfactl managelogs -purge -older 30d -dryrun
To remove files and free disk space
tfactl managelogs -purge -older 30d
tfactl managelogs -purge -older 30d -gi
tfactl managelogs -purge -older 30d -database
View log space usage
tfactl managelogs -show usage
tfactl managelogs -show usage -gi
tfactl managelogs -show usage -database
Manage disk usage snapshots
tfactl set diskUsageMonInterval=minutes
tfactl set diskUsageMon=ON|OFF
Automatic log purging
tfactl set manageLogsAutoPurge=ON|OFF
tfactl set manageLogsAutoPurgePolicyAge=nd|h
tfactl set manageLogsAutoPurgeInterval=minutes
Configure user access to tfactl
tfactl access lsusers
tfactl access add -user user [-local]
tfactl access remove -user user [-local]
tfactl access removeall [-local]
tfactl access reset




