Categories
Enterprise Manager perl xml

list targets

As correctly pointed out by dhoogfr , the proper way to list targets on an agent is to use list target

$ emctl config agent listtargets
Oracle Enterprise Manager Cloud Control 13c Release 2
Copyright (c) 1996, 2016 Oracle Corporation. All rights reserved.
[srv01.example.com, host]
[srv01.example.com:3872, oracle_emd]
[agent13c2_2_srv01.example.com_3830, oracle_home]
[DB01.example.com, oracle_database]
[OraDB12Home1_14_srv01.example.com_743, oracle_home]
[DB01_srv01.example.com_CDBROOT, oracle_pdb]
[DB01_srv01.example.com_PDB01, oracle_pdb]
[LISTENER001_srv01.example.com, oracle_listener]

Not really easy to parse, and it does not contain all information. Let’s imagine I want to get the TARGET_NAME out of my SID? hard…

What is actually emctl doing ? It is parsing the targets.xml with perl. Oracle wrote a module, called ias::simpleXPath, that helps parsing the file.


$AGENT_HOME/perl/bin/perl -l -I$AGENT_HOME/sysman/admin/scripts -Mias::simpleXPath -e '
foreach $t(
simpleXPathQueryForNodes(
"targets.xml","Targets/Target")){
print
"[".($t->{"attributes"}->{"NAME"}).
", ".($t->{"attributes"}->{"TYPE"}).
"]"}'

ias::simpleXPath is a wrapper for XML::Parser. XML::Parser is a supported perl that is included in the agent home. So no need to install your own perl modules for this purpose!

back to by example, if I want to get the target name for my SID DB01

$AGENT_HOME/perl/bin/perl -l -MXML::Parser -e '
$xmlfile = "targets.xml";
die "Cannot find file $xmlfile"
unless -f $xmlfile;
$parser = new XML::Parser;
$parser->setHandlers(
Start => \&startElement,
End => \&endElement);
$parser->parsefile($xmlfile);
sub startElement {
( $parseinst, $element, %attrs ) = @_;
if ($element eq "Target") {
$tn=$attrs{"NAME"};
$tt=$attrs{"TYPE"};
}
if ($element eq "Property" &&
$attrs{"NAME"} eq "SID" ) {
$sid=$attrs{"VALUE"};
}
}
sub endElement {
( $parseinst, $element ) = @_;
if ($element eq "Target"){
if (
lc $sid eq lc "DB01"
) {
print $tn . ":" . $tt;
}
$sid="";
}
}
'
DB01.example.com:oracle_database

This could be useful, for instance if you want to start a blackout

emctl start blackout db01_black DB01.example.com:oracle_database

For listener, you could retrieve the LsnrName for your listener LISTENER001

$AGENT_HOME/perl/bin/perl -l -MXML::Parser -e '
$xmlfile = "targets.xml";
die "Cannot find file $xmlfile"
unless -f $xmlfile;
$parser = new XML::Parser;
$parser->setHandlers(
Start => \&startElement,
End => \&endElement);
$parser->parsefile($xmlfile);
sub startElement {
( $parseinst, $element, %attrs ) = @_;
if ($element eq "Target") {
$tn=$attrs{"NAME"};
$tt=$attrs{"TYPE"};
}
if ($element eq "Property" &&
$attrs{"NAME"} eq "LsnrName" ) {
$lsn=$attrs{"VALUE"};
}
}
sub endElement {
( $parseinst, $element ) = @_;
if ($element eq "Target"){
if (
lc $lsn eq lc "LISTENER001"
) {
print $tn . ":" . $tt;
}
$lsn="";
}
}
'
LISTENER001_srv01.example.com:oracle_listener

Which you could also blackout before rebooting.

The parser is not limited to Entreprise Manager targets, you could use it for oraInventory/ContentsXML/inventory.xml or whatever files.

There are plenty of other mean to read xml, from the database, xmllint, powershell.

Categories
Enterprise Manager license

Licensing Cloud Control

I just read the Enterprise Manager Licensing Information User Manual today. They are a lot of packs there, and you may not even know that autodiscovering targets is part of the lifecycle management pack or that blackouts are part of the diagnostic pack.

Have a look

Categories
Enterprise Manager security

list database monitoring users

I am quite familiar with the SYSMAN tables but this one required me some googling beyond the Oracle documentation.

The list of targets in your Oracle Enterprise Manager is in SYSMAN.MGMT_TARGETS. Each database target is monitored by a database user, typically DBSNMP.

To retrieve this information, you need some to hijack your database, read this : Gökhan Atil

  1. you copy your encryption key to your repository database, on the OMS server

  2. $ emctl config emkey -copy_to_repos
    Enter Enterprise Manager Root (SYSMAN) Password :

    Now anyone with select any table on your repository will see all passwords. You don’t want to do this, but unfortunately you have to do this because even the username is encrpyted.

  3. you decrypt the credentials for db monitoring

  4. SELECT *
    FROM (
    SELECT target_name,
    sysman.em_crypto.decrypt (
    c.cred_attr_value,
    c.cred_salt) cred,
    cred_attr_name attr
    FROM SYSMAN.EM_TARGET_CREDS c
    JOIN SYSMAN.mgmt_targets t USING (target_guid)
    JOIN sysman.EM_NC_CRED_COLUMNS c USING (cred_guid)
    WHERE c.target_type = 'oracle_database'
    AND c.set_name = 'DBCredsMonitoring'
    ) PIVOT (
    MAX (cred)
    FOR (attr) IN (
    'DBUserName' AS USERNAME,
    'DBRole' AS "ROLE")
    )


    TARGET_NAME USERNAME ROLE
    ----------- -------- ------
    DB01 dbsnmp NORMAL
    DB02 dbsnmp NORMAL
    DB03 sys SYSDBA

  5. remove the security leak

  6. $ emctl config emkey -remove_from_repos
    Enter Enterprise Manager Root (SYSMAN) Password :

Now the em_crypto won’t work any more

select
sysman.em_crypto.decrypt('0','0')
from dual
*
Error at line 2
ORA-28239: no key provided
ORA-06512: at "SYS.DBMS_CRYPTO_FFI", line 67
ORA-06512: at "SYS.DBMS_CRYPTO", line 44
ORA-06512: at "SYSMAN.EM_CRYPTO", line 250
ORA-06512: at line 1

This information could be used to change the password dynamically accross all databases.

emcli login \
-username=sysman \
-password=sysmanpw
emcli update_db_password \
-target_name=DB01 \
-user_name=dbsnmp \
-change_at_target=yes \
-old_password=oldpw \
-new_password=newpw \
-retype_new_password=newpw

Categories
Enterprise Manager

Change background of Oracle Entreprise Manager

If you have more than one OEM and want a red status bar in your production OEM, here the proceedings

Stop your cloud control

emctl stop oms -all

Unzip the $MW/oracle_common/modules/oracle.adf.view_11.1.1/adf-richclient-impl-11.jar in a new directory

$MW/jdk16/jdk/bin/jar -xvf $MW/oracle_common/modules/oracle.adf.view_11.1.1/adf-richclient-impl-11.jar

edit the picture dbd_topShadow.png (for instance) in adf/images/fusion-11.1.1.3.0/dbd_topShadow.png and copy it to META-INF/adf/images/fusion-11.1.1.3.0/dbd_topShadow.png with your favorite picture editor

recreate the jar

$MW/jdk16/jdk/bin/jar -cvf $MW/oracle_common/modules/oracle.adf.view_11.1.1/adf-richclient-impl-11.jar *

restart your OEM

emctl start oms

and empty your browser cache

You should see red

emred

Categories
Enterprise Manager security

Enhancement Request : SSL listener and OEM

#em12c still does not support SSL ! Encrypting network connection (https, ssh, sftp) is common sense in today’s business.

In Enhancement Request 6512390, Created 19-Oct-2007, the customer requested support for SSL.

Most recent update : it is postponed to 13cR2 at least !

*** 09/14/12 04:04 am DISCUSSION ***As we kick off 13c release, cleaning up the ERs. Mass updating all 13%GC% ERs to fixby 13.2GC DEFER. If you want to implement ER in 13.1GC, please update the fixby to = 13.1GC, and update all the other fields as per guidelines published.

Considering the cost of oracle advanced security option (required to get ssl), the lack of ability to influence future product enhancement is disappointing

Categories
12c Enterprise Manager

Enterprise Manager command line interface

emcli has been around for a while, but in 12c the installation has never been easier

do not search on otn for the jar, go to

download with : Setup –>My Preferences –>Command line interface –> download

install with : java -jar emclikit.jar client -install_dir=/u01/app/oracle/emcli

configure with : emcli setup -url=https://precision.example.com:4901/em -username=sysman -password=sysmanpw -dir=/u01/app/oracle/emcli.

That’s it.

Let’s try

$ emcli get_targets
Status Status Target Type Target Name
ID
1 Up host precision.example.com
1 Up j2ee_application /EMGC_GCDomain/GCDomain/EMGC_OMS1/e
mgc
1 Up j2ee_application /EMGC_GCDomain/GCDomain/EMGC_OMS1/O
CMRepeater
1 Up j2ee_application /EMGC_GCDomain/GCDomain/EMGC_OMS1/e
mpbs
-9 n/a metadata_repository /EMGC_GCDomain/GCDomain/EMGC_ADMINS
ERVER/mds-sysman_mds
-9 n/a metadata_repository /EMGC_GCDomain/GCDomain/EMGC_ADMINS
ERVER/mds-owsm
1 Up oracle_apache /EMGC_GCDomain/instance1/ohs1
1 Up oracle_apm /EMGC_GCDomain/GCDomain/EMGC_OMS1/o
racle.security.apm(11.1.1.3.0)
1 Up oracle_beacon EM Management Beacon
1 Up oracle_database LSC01
1 Up oracle_database LSC02
1 Up oracle_database LSC03
1 Up oracle_database LSC05
1 Up oracle_database LSC04
1 Up oracle_dbsys LSC01_sys
1 Up oracle_dbsys LSC03_sys
1 Up oracle_dbsys LSC04_sys
1 Up oracle_dbsys LSC02_sys
1 Up oracle_em_service EM Console Service
1 Up oracle_em_service EM Jobs Service
1 Up oracle_emd precision.example.com:1830
1 Up oracle_emrep Management Services and Repository
-9 n/a oracle_home oms12g1_8_precision
-9 n/a oracle_home WebLogicServer10_3_5_0_0_precision
-9 n/a oracle_home OraDb10g_home1_5_precision
-9 n/a oracle_home OraDb11g_home1_1_precision
-9 n/a oracle_home agent12g1_13_precision
-9 n/a oracle_home webtier12g1_24_precision
-9 n/a oracle_ias_farm EMGC_GCDomain
1 Up oracle_listener LISTENER_precision.example.com
1 Up oracle_oms precision.example.com:4890_Manageme
nt_Service
1 Up oracle_oms_console precision.example.com:4890_Manageme
nt_Service_CONSOLE
1 Up oracle_oms_pbs precision.example.com:4890_Manageme
nt_Service_PBS
-9 n/a weblogic_domain /EMGC_GCDomain/GCDomain
1 Up weblogic_j2eeserver /EMGC_GCDomain/GCDomain/EMGC_OMS1
1 Up weblogic_j2eeserver /EMGC_GCDomain/GCDomain/EMGC_ADMINS
ERVER

All green (one could argue command line has no color)

Categories
12c Enterprise Manager news OEM

Ow yes it is a “c” !

Rumours about what would come after 8i (internet) 10g (grid) were around, but now it is official, there will be an Oracle Enterprise Manager 12c

Read more : http://www.oracle.com/us/products/enterprise-manager/index.html

And in the blogosphere http://orana.info

Categories
dba Enterprise Manager

How to change the connection string of the Oracle Enterprise Manager Grid Control 11g repository

If you moved your repository to a new host and want to change the connection string, no need to drop it, no need to messup in the properties or xml files, simply read the doc

http://download.oracle.com/docs/cd/E11857_01/em.111/e16790/ha_agent.htm#autoId13
emctl config oms -store_repos_details (-repos_host -repos_port -repos_sid | -repos_conndesc ) -repos_user [-repos_pwd ] [-no_check_db]

Yes it works!

Categories
Enterprise Manager installation security

[alert] Oracle agents on AIX may not work in 2011 with OMS10g

Fuadar recently wrote : Grid Control 10.2.0.5 AIX Alert

Basically, if you have an 10g oms Server (any OS / any release) and aix agents (any release), and according to Note 1171558.1, communication between [10g] Oracle Management Service and [AIX] Management Agents will break due to a default self-signed certificate expiring in 31 Dec 2010.

There is more than one way to solve this

1) you upgrade your oms to 11g. Good luck to do this before end of year…

2) You upgrade your oms to 10.2.0.5, apply patch 10034237 on your oms, create a new certificate, resecure all your agents. Pretty heavy stuff I promise.

3) You use a Third Party Certificate. This may work. I have not tested this for you.

4) You switch from https to http… this is of course not an acceptable workaround as the connection between the agent and the oms will be unsecure, but it may save your Silvester Party.

  • allow both secure and unsecure connections to the oms
  • on all your OMS instances

    opmnctl stopall
    emctl secure unlock
    opmnctl startall

  • switch all your agents to http
  • On all your AIX hosts with an agent installed

    emctl unsecure agent -omsurl http://omsserver:4890/em/*

    You can find the port for unsecure in your oms server in OMSHOME/sysman/config/emoms.properties under oracle.sysman.emSDK.svlt.ConsoleServerPort.


Happy holidays !