We use machine learning technology to do auto-translation. Click "English" on top navigation bar to check Chinese version.
Install additional software components on Amazon RDS Custom for Oracle
When an RDS Custom for Oracle instance is provisioned, it comes with a database environment that consists mainly of database binaries, a starter database, and a database listener. For certain workloads, you may want to install additional software components provided by Oracle or other vendors on the host operating system of the database server.
With the flexibility of Amazon RDS Custom for Oracle, you can customize your database, underlying server, and operating system configurations to support the various requirements of the workload. In this post, we discuss the step-by-step instructions and best practices for installing common software components on Amazon RDS Custom for Oracle without breaking the
Install additional software components and agents
Installation of additional software and agents on the database host might be a requirement to satisfy various application needs or organization standards. Until Amazon RDS Custom was introduced, you had to deploy such workloads as self-managed databases on
Some of the common requirements that we hear from our customers with regards to the installation of software components on the database host include the following:
- Install Oracle Enterprise Manager (OEM) Agent on the database host to discover the database instance as a target in
Oracle Enterprise Manager Grid Control - Install APEX Listener on the database host to support the
Oracle Application Express (APEX) feature - Install an
S-TAP
agent on the database host as a root user to monitor the database traffic using theGuardium database activity monitoring solution
Best practices to install software components on an RDS Custom for Oracle environment
The following are some of the best practices and guidelines when installing additional software components in the RDS Custom for Oracle environment:
- The recommended practice to apply database patches is to create a new
custom engine version (CEV) with the desired patches and apply the new CEV to the instance. However, when this approach isn’t feasible (for example, an emergency patching scenario), one-off patches may be directly applied on theORACLE_HOME
using theOPatch
utility. Optionally, an updated CEV corresponding to the applied patches can be created and applied to the instance later to synchronizeORACLE_HOME
and the CEV used by the instance, although the instance has no dependency on the CEV after it’s provisioned. - Do not install additional software components under the
/rdsdbbin
mount point, which is reserved for Oracle Database binaries. - It is recommended to install third-party software and agents as a separate OS user. Installing and running software components and agents as the root user is also supported. Software components related to Oracle Database such as OEM Agent and APEX Listener can be installed as the
rdsdb
user who owns the Oracle Database binaries. - Use the
/rdsdbdata
file system to host additional software components under new directories created on this mount point. Because this file system is included in automated and manual snapshot backups, it’s recommended to remove temporary staging files that are no longer required after successful installation of the software. - Configure the software for logs and trace files to be created on the
/rdsdbdata
file system and implement periodic purging of those files. - Tasks can be scheduled to run automatically using
crontab or auto start of the tasks, and agents can be configured usingsystemd . - To avoid space pressure on the
/mount
point, packages can be installed outside the/mount
if the installer allows that option for the specific software that is installed. For instance, you can userpm -ivh --prefix=/rdsdbdata/software_additions
to install relocatable packages to the/rdsdbdata
mount point. - Verify that installing new software components doesn’t break the library dependencies and kernel requirements for the Oracle Database binaries. Refer to the Oracle installation documentation corresponding to the database and OS version for more details. Refer to
Supported Oracle Linux 7 Distributions for x86-64 for the details for the 19c database on Oracle Linux 7. - Monitor RDS Custom for Oracle Elastic Block Store (EBS) mount points such as data volume (
/rdsdbdata
), binary volume (/rdsdbbin
), and root volume (/
), as discussed inMonitor Amazon RDS Custom for Oracle with Amazon CloudWatch metrics , to verify that the installation and configuration of the software components doesn’t exhaust the space available on those volumes. - It is recommended to
pause and resume automation before and after the installation of additional software components on an RDS Custom for Oracle instance. This is to verify that the root volume gets backed up (during resume automation) after the software installation and restore activities includingscale compute can use the latest image of the operating system.
In this post, we also discuss the high-level steps to install Oracle APEX, the Guardium S-TAP agent, and OEM Agent on the host operating system of an RDS Custom for Oracle instance. The steps discussed here are for reference to provide an overview of the installation process in an RDS Custom for Oracle environment. Refer to the official documentation published by the vendors for detailed instructions for installing a specific version of those software components.
An OS login is needed for performing different activities involved in the installation process. Refer to
For installing software components on multiple RDS Custom for Oracle instances, the installation process can be simplified using
Install APEX Listener on an RDS Custom for Oracle environment
The steps detailed here are only for reference to show how installation can be done on an RDS Custom for Oracle environment. Refer to
The Oracle APEX architecture requires a webserver to proxy the requests between a browser and the APEX engine. Oracle REST Data Services (ORDS) meets this requirement, and this webserver component can be hosted on the database server or on a different EC2 instance that has connectivity to the RDS Custom for Oracle instance. The steps listed here are for installing the ORDS component on the same RDS Custom for Oracle instance that hosts the database component.
-
Pause RDS Custom automation - Download and install Oracle APEX (for this post, we installed APEX version 22, which can be downloaded from
download.oracle.com ).
- Create a directory named
software_addons
in the/rdsdbdata
mount point to host the additional software components and set the appropriate permissions:
- Download the APEX installation file and install the APEX component in the database:
- Download and install ORDS (see
Downloading and Installing Oracle REST Data Services for detailed installation steps):
- Download
Java 11 or higher version as required by ORDS:
As per the Oracle blog post
- Provide ORDS installation privileges to the ADMIN user:
- Prepare an environment file to set PATH for Java and ORDS binaries:
- Configure and start ORDS (for more information, refer to
Downloading ORDS ):
You can use
-
Resume RDS Custom automation
Install the Guardium S-TAP agent on an RDS Custom for Oracle environment
Guardium is a comprehensive data protection service that enables security teams to automatically analyze what is happening in sensitive data environments like databases. Many customers use Guardium for database activity monitoring, and it requires the S-TAP agent to be installed on the database servers. Guardium S-TAP is a lightweight software agent installed on database servers for data activity monitoring. The information collected by the S-TAP agent is forwarded to the Guardium collector. It is beyond the scope of this post to discuss the detailed installation steps for S-TAP or the features and configurations of the product. Refer to
The installation steps for S-TAP on Linux are discussed in detail in
In this section, we highlight the best practices to follow in an RDS Custom for Oracle environment during the installation of the S-TAP agent.
-
Pause RDS Custom automation - Prepare the installation directories. S-TAP agent gets installed to the
/opt/Guardium
directory, which can’t be customized. Due to limited space available in the/
mount point, it’s recommended to create a guardium directory in the/rdsdbdata/
mount point and create a soft link to/opt/guardium
. See the following code:
- Install any prerequisites RPM files:
- Copy the installation RPM to the RDS Custom for Oracle instance to the
/rdsdbdata/sofware_addons/Guardium
directory and install the S-TAP agent:
- Complete the configuration by running
/opt/guardium/bin/guard-config-update
, as discussed inLinux-Unix: S-TAP guard-config-update parameters for RPM installation and update . - Auto start the S-TAP agent when the system reboot is automatically configured. Refer to the
troubleshooting guide for more details. -
Resume RDS Custom automation
Install OEM Agent on an RDS Custom for Oracle environment
Oracle Enterprise Manager (OEM) Management Agent is a software component that monitors targets running on hosts and communicates that information to the middle-tier Oracle Management Service (OMS). For more information, see
- Prepare security group rules and firewall rules to allow required communication between OMS servers and OEM Agent, which will be deployed on the RDS Custom for Oracle instance. Refer to
Configuring Enterprise Manager for Firewalls for more details on the ports for communication between them. - Get the agent installation file from OMS.
There are multiple options to install OEM Agent on the RDS Custom for Oracle instance from OMS, as discussed in
emcli get_agentimage
option to download the agent deployment file, which can be copied to the RDS Custom for Oracle instance. On the OMS server, run the following code:
./emcli login -username=sysman
- Copy the agent installation file to the RDS Custom for Oracle instance.
You can use SCP to copy to an
-
Pause RDS Custom automation - Prepare the environment and install the agent:
- Create
AGENT HOME:
- Create the file
/rdsdbdata/software_addons/agent/oraInst.loc
with the following contents:
- Install the agent (modify the configurations to match your environment):
- Run root.sh:
- After the installation is successfully complete, verify that the agent is healthy:
By default, the agent is configured to start automatically using the /etc/init.d/gcstartup
script, as discussed in
- Confirm that the host target (the hostname of the RDS Custom for Oracle instance) is visible in OEM.
- Add RDS Custom for Oracle instance
targets such as database and listener to the OEM using the Amazon RDS console. -
Resume RDS Custom automation
Clean up
When the installation of the software components is successfully completed, clean up the installation files and temporary files that are no longer needed for the functioning of the software. This includes files such as apex_22.1.zip, ords-latest.zip, jdk-11.0.17_linux-x64_bin.tar.gz, and guard-stap-11.5.0.0.113097-1-rhel-7-linux-x86_64.x86_64.rpm
which were staged for the installation of various components as discussed in this post.
Conclusion
If your workload requires the installation of additional software modules or agents on the database host and a managed service is preferred to run the Oracle Database workload, then Amazon RDS Custom for Oracle is your choice. In this post, we discussed the step-by-step instructions for installing common software components such as OEM Agent, APEX, and the Guardium S-TAP agent on Amazon RDS Custom for Oracle without breaking the support perimeter, and general best practices for software installation on an RDS Custom for Oracle instance.
If you have any comments or questions, leave them in the comments section.
About the authors
Jobin Joseph is a Senior Database Specialist Solution Architect based in Toronto. With a focus on relational database engines, he assists customers in migrating and modernizing their database workloads to Amazon Web Services. He is an Oracle Certified Master with 20 years of experience with Oracle databases.
The mentioned AWS GenAI Services service names relating to generative AI are only available or previewed in the Global Regions. Amazon Web Services China promotes AWS GenAI Services relating to generative AI solely for China-to-global business purposes and/or advanced technology introduction.