Oracle Installation & Configuration Module 3 Conclusion

This conclusion ties together everything from Module 3 into a single, cloud-first runbook you can follow in production. OCI-centric provisioning, multitenant configuration, automated upgrades, and fleet-scale patching. Use this page as your operational checklist and quick reference.

What you accomplished in Lessons 1–6

1. Lesson 1 - 23c/23ai Overview: Chose the right deployment model (ADB, Exadata Cloud/VM DB Systems, or on-prem CDB/PDB) and learned the core themes: automation, multitenant by default, security-first, observability.
2. Lesson 2 - Provisioning: Moved from “install” to provision with OCI Console, CLI, REST, and Terraform/Resource Manager (IaC) for reproducible environments.
3. Lesson 3 - Parameters: Managed CDB/PDB scope, SPFILE persistence, dynamic vs. static settings, and a safe change workflow captured in version control.
4. Lesson 4 - DBCA & OCI Tools: Used DBCA (GUI/silent) where appropriate; integrated with OCI services and automation for post-provision steps.
5. Lesson 5 - Upgrades: Standard path is 19c → 23c/23ai via AutoUpgrade (with Non-CDB to PDB conversion), plus options for minimal downtime (Data Guard/GoldenGate).
6. Lesson 6 - FPP: Standardized homes with gold images, deployed working copies, and executed fast, out-of-place patch/upgrade switchovers at fleet scale.

End-to-End Runbook (Production)

1. Plan & Model
   • Pick target model: ADB vs Exadata Cloud/VM DB System vs Hybrid/on-prem CDB.
   • Define SLOs (RTO/RPO, performance), tenancy/networking, backup/retention, and security baselines (TDE, Unified Auditing, Data Vault).
2. Provision
   • Codify with Terraform/Resource Manager; parameterize shapes, storage, backups, subnets/NSGs, tags.
   • Use OCI CLI/REST for scripted environments; keep all definitions in Git.
3. Configure (CDB/PDB)
   • Set conservative defaults in CDB; override only PDB-modifiable parameters where justified by workload.
   • Record all ALTER SYSTEM changes (SCOPE and CONTAINER) and push to IaC variables/templates.
4. Create/Manage with DBCA (where applicable)
   • Use DBCA silent for repeatable local builds; DBCA post-create scripts for memory, TDE, auditing, and starter users/roles.
   • For OCI DB Systems, prefer Console/CLI/Terraform for integrated networking and backups.
5. Upgrade Path (19c → 23c/23ai)
   • Install new 23c/23ai home; run AutoUpgrade analyze → fixup → deploy.
   • Convert Non-CDB to PDB; recompile, gather stats, validate connection pools, and burn in with AWR baselines.
6. Fleet Standardization (FPP)
   • Build immutable, versioned gold images; subscribe targets; deploy working copies; stop → switch → start.
   • Promote images DEV → TEST → PROD; decommission old homes after sign-off.
7. Observability & Governance
   • Enable OCI Database Management metrics/alerts; log/trace baselines; SLO dashboards.
   • Change control: tickets, pull requests, image manifests, and release notes for each rollout.

Connectivity Sanity Checks (Oracle Net)

• Validate tnsnames.ora entries and service names after upgrades, cutovers, or PDB moves.
• Use TNSPING to test resolution/latency; verify listener status and endpoints.
• Set sqlnet.ora timeouts (inbound/outbound/send/recv) to avoid long hangs and detect dead peers.

Security & Compliance (always-on)

• Encrypt by default (TDE); store keys securely; verify wallet/OKV/KMS integration.
• Unified Auditing and least-privilege IAM. Rotate passwords/keys; review user/role hygiene per environment.
• Harden network (NSGs, private endpoints), restrict public exposure, enforce TLS everywhere.

Data Layer Modernization Notes

• Migrate LONG/LONG RAW → LOB types where legacy remains, to unlock features and tooling compatibility.
• Leverage 23c/23ai capabilities (e.g., JSON Relational Duality, Vector Search) where appropriate-after performance baselining.

Quick Commands (illustrative)

AutoUpgrade (analyze → deploy):

java -jar /u01/app/autoupgrade/autoupgrade.jar -config /tmp/autoupgrade.cfg -mode analyze
java -jar /u01/app/autoupgrade/autoupgrade.jar -config /tmp/autoupgrade.cfg -mode deploy

FPP (gold image → working copy → move):

rhpctl import -image DB23_1 -path /u01/app/oracle/product/23.1.0/dbhome_1
rhpctl add workingcopy -workingcopy DB_HOME_23c -image DB23_1 -oraclebase /u01/app/oracle
rhpctl move database -dbname PROD -targetworkingcopy DB_HOME_23c

Net sanity (listener & TNS):

lsnrctl status
tnsping servicename

Operational Checklist (print & pin)

• ☑ IaC sources (Terraform) versioned and tagged; environments separated via compartments and policies.
• ☑ Parameter catalog (CDB defaults, PDB overrides) documented and auditable.
• ☑ Backup policies verified; quarterly restore tests; PITR validated.
• ☑ AutoUpgrade reports clean; rollback plan rehearsed.
• ☑ FPP images immutable/versioned; promotion flow established.
• ☑ Net configs tested (tnsnames.ora, sqlnet.ora, listener endpoints, TLS).
• ☑ Security baseline enforced (TDE, auditing, least privilege, segmentation).
• ☑ Observability wired (metrics, logs, alerts, AWR baselines).

Next step: Adopt this runbook for a pilot service, measure downtime and variance, then roll to the broader fleet using image promotion and FPP subscriptions.