Product Snow Inventory Oracle Scanner
Version 2.1.02
Release Date 2014-04-24
Content Overview
Automatic Oracle Inventory
Oracle specific permissions
Configuration and running
Known issues
Appendix: Configuration examples
Document date 2014-04-24
Page 2 of 13
Copyright © 2013 Snow Software AB Page 2 of 132 Snow Inventory Client for Unix 1.0 – User Guide
ABOUT THIS DOCUMENT .................................................................................................................................. 3
OVERVIEW ....................................................................................................................................................... 3
PREREQUISITES ........................................................................................................................................................ 3 Full privileges .................................................................................................................................................. 3 Principle of least privileges ............................................................................................................................. 3
OPERATING SYSTEMS SUPPORTED ............................................................................................................................... 4 FILES ..................................................................................................................................................................... 4 INSTALLATION ......................................................................................................................................................... 4
AUTOMATIC ORACLE INVENTORY .................................................................................................................... 5
ORACLE INVENTORY WITH SPECIFIC USER AND PERMISSIONS ............................................................................................. 5 ORACLE PERMISSIONS REQUIRED ................................................................................................................................. 6
CONFIGURATION AND RUNNING ..................................................................................................................... 8
CONFIGURATION XML FILE ........................................................................................................................................ 8 OUTPUT ................................................................................................................................................................. 9 ENCRYPTION OF PASSWORDS...................................................................................................................................... 9 SCHEDULING ........................................................................................................................................................... 9
KNOWN ISSUES ................................................................................................................................................ 9
APPENDIX ....................................................................................................................................................... 10
CONFIGURATION EXAMPLES ..................................................................................................................................... 10 Example 1: Minimal configuration file ......................................................................................................... 10 Example 2: Advanced Oracle configuration ................................................................................................. 11 Example 3: Advanced Oracle Configuration ................................................................................................. 12 Example 4: Advanced Oracle Configuration ................................................................................................. 13
Page 3 of 13
Copyright © 2013 Snow Software AB Page 3 of 132 Snow Inventory Client for Unix 1.0 – User Guide
This document describes how to configure, install and run the Snow Inventory Oracle Scanner. It
covers options available from version 2.1.02 of the Snow Inventory Oracle Scanner. If some
options only apply to a specific version of the software, information about the version required is
available.
From version 2.0 the Snow Inventory Oracle Scanner is a Java program.
This makes the scanner platform independent and it can be run on a variety of platforms.
To run the Snow Inventory Oracle Scanner the target computer is required to have Java runtime
version 6.0 (1.6) or a later installed.
In Windows the prerequisite is that the Oracle Scanner is run with an administrative user account
(Local Admin on the server).
In Linux and Unix there are two privilege options for running the Oracle Scanner, and each option
is described in the sections below.
Commands like pkginfo and pkgchk must be reachable from the configured path variable in the
system.
A user with privileges to run the Java runtime with the sudo program.
The user will also need to have privileges to use the command su.
A user that has sudo rights to specific operating system commands depending on operating
system, see table below.
The sudoers file also need to have the NOPASSWD option set.
An Oracle database user is required for each database that is to be inventoried. The user can be
the same for all databases and then configured in the configuration file with the
<DefaultInstanceCredentials>. The user can also be unique and configured with the
<InstancesWithConfiguration>, see section below.
Page 4 of 13
Copyright © 2013 Snow Software AB Page 4 of 132 Snow Inventory Client for Unix 1.0 – User Guide
Example from sudoers file for Solaris.
User snow has the rights to execute the commands with sudo and no password:
## ## User privilege specification ## root ALL=(ALL) ALL snow ALL=NOPASSWD: /usr/bin/pwdx
Following commands are used for determining OracleHome. If OracleHome is set in the
configuration file, the user doesn’t need sudoers rights to this command.
Operating system Command
Solaris pwdx
AIX and Linux ls
HP-UX pfiles
AIX 5.3 or later, Sun Solaris 9 or later, HP-UX 11.11 or later, RHEL4, RHEL5, RHEL6, SLES 10, SLES
11 and Oracle Enterprise Linux 5, Oracle Linux 6 and Windows 2000 or later.
Executable Description
sios.jar This is the only required file for the Snow Inventory Oracle Scanner. It is
an executable Java archive that performs inventory of Oracle databases
on the current server that it is executed on.
<config>.xml Configuration file used for advanced configuration of the Snow Inventory
Oracle Scanner (Optional).
sios.log Logfile
sios.properties Properties file containg information about installation date, last run date,
Java version, output filename, and version.
<resultfile>.xml The result file from the Snow Inventory Oracle Scanner
Snow Inventory Oracle Scanner is integrated into all Snow Inventory Clients. When requesting a
Snow Inventory Client for the desired operating systems the customer needs to specify that the
Oracle Management Option needs to be included.
Page 5 of 13
Copyright © 2013 Snow Software AB Page 5 of 132 Snow Inventory Client for Unix 1.0 – User Guide
The Snow Inventory Oracle Scanner is designed to be able to perform automatic Oracle inventory
without the need of providing or creating a specific user account within the Oracle Databases.
The Snow Inventory Oracle Scanner automatically discovers all running Oracle instances on the
current server. It detects what user is running the database instance and switches to that specific
user when inventorying the database. No specific permissions or no specific user is needed for
the databases that are to be inventoried.
The Snow Inventory Oracle Scanner is non-invasive and read-only, meaning that only read
operations are performed when querying the database(s).
Snow Software recommends the use of Automatic Oracle Inventory rather that setting up specific
user accounts or permission for each Oracle database
If specific credentials are required for the Oracle inventory, a user account needs to be created
with SELECT permissions on the required TABLES and DICTIONARY in all databases that are to be
inventoried.
This can be done either by granting the user “SELECT ANY” privileges or by granting the user
SELECT privileges on the specific TABLES and DICTIONARY required.
The script would need to be run on each database that is to be inventoried and before each run
of the Oracle scanner.
The permissions will need to be set before each time the Oracle scanner is executed.
The reason for this is that new tables are created in the Oracle databases when activating certain
features and options. If the permissions are not set after activating such a feature or option, the
Oracle scanner will not have permission to perform inventory of that feature or option.
Script creating the user OSCAN and granting SELECT ANY privileges.
PROMPT
PROMPT Enter password for user OSCAN
PROMPT
SET TERMOUT OFF
define OSCAN_PASSWD=&1
CREATE USER OSCAN identified by &OSCAN_PASSWD;
GRANT CREATE SESSION TO OSCAN;
GRANT SELECT ANY TABLE to OSCAN;
GRANT SELECT ANY DICTIONARY to OSCAN;
SET TERMOUT ON
PROMPT
PROMPT User Created
PROMPT
Page 6 of 13
Copyright © 2013 Snow Software AB Page 6 of 132 Snow Inventory Client for Unix 1.0 – User Guide
When performing automatic Oracle inventory using the user that runs the database instance, the
required permissions are already granted to the user.
When performing Oracle inventory using a specific Oracle user, the user needs to be granted the
permissions required as illustrated in the section above (Oracle Inventory with specific user and
permissions).
In both cases the following tables are accessed and the user needs to be able to run select
queries towards these tables.
Below is a specification of tables and required permission for the Snow Inventory Oracle Scanner.
Table Required permission
all_objects Select
all_sdo_geom_metadata Select
all_views Select
dba_aws Select
dba_encrypted_columns Select
dba_feature_usage_statistics Select
dba_lob_partitions Select
dba_lob_subpartitions Select
dba_lobs Select
dba_segments Select
dba_sql_profiles Select
dba_tab_partitions Select
dba_tab_subpartitions Select
dba_tables Select
dba_tablespaces Select
dba_users Select
deferred_stg$ Select
gv$instance Select
gv$parameter Select
kopm$ Select
odm_document Select
odm_record Select
props$ Select
v$archive_dest_status Select
v$database Select
v$instance Select
v$license Select
v$option Select
v$parameter Select
v$sga Select
Page 7 of 13
Copyright © 2013 Snow Software AB Page 7 of 132 Snow Inventory Client for Unix 1.0 – User Guide
Table Required permission
v$version Select
v$session Select
v$session_connect_info Select
view$ Select
olapsys.dba$olap_cubes Select
lbacsys.lbac$polt Select
odm.odm_mining_model Select
dmsys.dm$object Select
dmsys.dm$p_model Select
dmsys.dm$model Select
dvsys.dba_dv_realm Select
model$ Select
sysman.mgmt_admin_license Select
sysman.mgmt_license_confirmation Select
sysman.mgmt_license_definitions Select
sysman.mgmt_licensed_targets Select
sysman.mgmt_licenses Select
sysman.mgmt_target_types Select
sysman.mgmt_targets Select
system.logstdby$parameters Select
Page 8 of 13
Copyright © 2013 Snow Software AB Page 8 of 132 Snow Inventory Client for Unix 1.0 – User Guide
The Snow Inventory Oracle Scanner can be configured by using a configuration file.
The configuration file is XML-based and contains the following tags:
Parameter Description
<SiteName> Snow Site Name. i.e. MyCorp
<OutputPath> Path to where output and log files will be placed.
<StoragePath> Path to where properties files will be placed.
<OracleScan> true/false. Default is true.
<OracleConfig> Main tag of all Oracle specific options.
Can be left out, for automatic inventory, if left out none of the
configuration below applies.
<DiscoverAllInstances> true/false. Must be present if OracleConfig is used.
<IncludeInstances> Only scan specified instances instead of all instances
(DiscoverAllInstances must then be set to false).
Can be left out.
<SID> Database instance SID. Can be repeated.
<ExcludeInstances> Exclude database instances from being scanned.
Can be left out.
<SID> Database instance SID. Can be repeated.
<DefaultInstanceCredentials> Default credentials to use when log into a database instance if
no specific credentials is specified for the specific instance.
Can be left out.
<User> Tag for specifying Oracle credentials
<Username> Oracle Username
<Password> Oracle password, encrypted (see section Encryption of
passwords)
<InstancesWithConfiguration> Credentials for specific database instances.
Can be left out.
<Instance> Database instance. Can be repeated.
<SID> Database instance SID.
<User> Oracle user. Entered as above.
<Username> User name
<Password> User password, encrypted (see section Encryption of passwords)
<OracleHome> Path to the Oracle home for the instance. Used if automatic
scanning doesn’t find the correct path.
Page 9 of 13
Copyright © 2013 Snow Software AB Page 9 of 132 Snow Inventory Client for Unix 1.0 – User Guide
The information from Snow Inventory Oracle Scanner will be integrated with the information
collected by the Snow Inventory Client.
Encryption of passwords used in the configuration file and on the command line can be achieved
by using a support program called snowcrypt which is available from Snow Support. It is a
Windows only program which is run from a command prompt.
The program is used in the following way, and the result is displayed on the next line of the
command prompt:
C:\Snowutils> snowcrypt encryptpass2 MyPassword 145f737f4f357d0ef01ffcc6ee8bd8576ebafcf8e36dfc5ed3c109bae2b24e6f5
Scheduling is handled in the document of the specific Snow Inventory Client that is used.
The Java Runtime 1.7.0_07 contains a defect with the consequence that the Oracle inventory does
not work. Any server running Java Runtime 1.7.0_07 must upgrade to a later Java Runtime version
for the Snow Inventory Oracle scanner to work properly.
There is a validation on the configuration xml file. This means that some items must be in a
specific order in the xml file. In case that a failure occurs related to the configuration file, please
check the order of the xml tags.
Page 10 of 13
Copyright © 2013 Snow Software AB Page 10 of 132 Snow Inventory Client for Unix 1.0 – User Guide
All active database instances on the server will be scanned.
The result and log file will be placed in the same directory as the Oracle scanner.
<?xml version="1.0" encoding="UTF-8"?>
<SnowConfig>
<SiteName>MyCorp</SiteName>
</SnowConfig>
Page 11 of 13
Copyright © 2013 Snow Software AB Page 11 of 132 Snow Inventory Client for Unix 1.0 – User Guide
All active database instances on server will be scanned, except for DbInstance1.
All instances will be scanned with the user Username 1 and corresponding password, except for
DbInstance2 that will be scanned with the user Username 2 and corresponding password.
The result and log file will be placed in the sub directory files.
<?xml version="1.0" encoding="UTF-8"?>
<SnowConfig>
<SiteName>MyCorp</SiteName>
<OutputPath>files</OutputPath>
<OracleConfig>
<DiscoverAllInstances>true</DiscoverAllInstances>
<ExcludeInstances>
<SID>DbInstance1</SID>
</ExcludeInstances>
<DefaultInstanceCredentials>
<User>
<Username>Username 1</Username>
<Password>Password 2</Password>
</User>
</DefaultInstanceCredentials>
<InstancesWithConfiguration>
<Instance>
<SID>DbInstance2</SID>
<User>
<Username>Username 2</Username>
<Password>Password 2</Password>
</User>
</Instance>
</InstancesWithConfiguration>
</OracleConfig>
</SnowConfig>
Page 12 of 13
Copyright © 2013 Snow Software AB Page 12 of 132 Snow Inventory Client for Unix 1.0 – User Guide
Only the database instances DbInstance1 and DbInstance2 on the server will be scanned.
Both instances have their own credentials configured.
The result and log file will be placed in the directory /var/log/sios.
<?xml version="1.0" encoding="UTF-8"?>
<SnowConfig>
<SiteName>MyCorp</SiteName>
<OutputPath>/var/log/sios</OutputPath>
<OracleConfig>
<DiscoverAllInstances>false</DiscoverAllInstances>
<IncludeInstances>
<SID>DbInstance1</SID>
<SID>DbInstance2</SID>
</IncludeInstances>
<InstancesWithConfiguration>
<Instance>
<SID>DbInstance1</SID>
<User>
<Username>Username 1</Username>
<Password>Password 1</Password>
</User>
</Instance>
<Instance>
<SID>DbInstance2</SID>
<User>
<Username>Username 2</Username>
<Password>Password 2</Password>
</User>
</Instance>
</InstancesWithConfiguration>
</OracleConfig>
</SnowConfig>
Page 13 of 13
Copyright © 2013 Snow Software AB Page 13 of 132 Snow Inventory Client for Unix 1.0 – User Guide
Inventory of an Oracle database instance with the OracleHome parameter specified instead of
using automatic detection of Oracle Home.
<?xml version="1.0" encoding="UTF-8"?>
< SnowConfig >
<SiteName>MyCorp</SiteName>
<OracleConfig>
<DiscoverAllInstances>true</DiscoverAllInstances>
<InstancesWithConfiguration>
<Instance>
<SID>MySid</SID>
<OracleHome>/opt/oracle/current</OracleHome>
</Instance>
</InstancesWithConfiguration>
</OracleConfig>
</SnowConfig>