apt update public key issue

When running "apt update" in raspberry pi, facing below warning message

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packagecloud.io/headmelted/codebuilds/debian stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0CC3FD642696BFC8
Following the solution from
refer  https://askubuntu.com/questions/13065/how-do-i-fix-the-gpg-error-no-pubkey , which worked for me.  Cheers.

sudo apt-get install debian-keyring

- below command took  more than 1 minutes

pi@raspberrypi:~ $ sudo gpg --keyserver pgp.mit.edu --recv-keys 0CC3FD642696BFC8
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 8D9940AE59B46979: public key "https://packagecloud.io/headmelted/code-oss (https://packagecloud.io/docs#gpg_signing) " imported
gpg: Total number processed: 1
gpg:               imported: 1


pi@raspberrypi:~ $ sudo gpg --armor --export 0CC3FD642696BFC8 | apt-key add -
E: This command can only be used by root.

pi@raspberrypi:~ $ sudo su -
root@raspberrypi:~# id
uid=0(root) gid=0(root) groups=0(root)
root@raspberrypi:~# gpg --armor --export 0CC3FD642696BFC8 | apt-key add -
OK

Verified running "apt update" without any warning message now. 

About RAC SCAN IP

A SCAN (Single Client Access Name) is a special case of VIP. The SCAN should also be defined in DNS, and not assigned to any host or interface. There should be three IPs associated with the SCAN name in DNS, and the DNS entry should be defined so that one of the three IPs is returned each time DNS is queried, in a round robin fashion.

At clusterware startup time, each of the three VIPs that make up the SCAN will be assigned to a different node in the cluster. (Except in the special case of a two node cluster, one of the nodes will have a 2 SCAN VIPs assigned to it.) The point of the SCAN, is that no matter how many nodes are added to or removed from the cluster, all the Net Service Name definitions in your tnsnames.ora (or LDAP equivalent) will not need to ever change, because they all refer to the SCAN, which doesn't change, regardless of how many node additions or drops are made to the cluster.

Additionally, you may have the SCAN defined as: rac-scan with three IPs, 10.1.1.7, 10.1.1.8, 10.1.1.9. Again, the DNS definition would be defined so those IPs are served up in a round robin order.

CRS-5019:All OCR locations are on ASM disk groups [DATA], and none of these disk groups are mounted.

In my case ,  from ASM alert.log , actually it is due to ASM failed to start because of ORA-00600 as shown below.


ORA-00600: internal error code, arguments: [kfcema35], [0], [742], [0], [4368], [], [], [], [], [], [], []CRS-2674: Start of 'ora.asm' on 'rac1' failed


However, I don't have solution to overcome this ora-00600. In the end, I decided to rebuild the cluster. 

about data guard FAL setting

FAL_SERVER = Specifies one or more Oracle Net service names for the databases from which this standby database can fetch (request) missing archived redo log files.

FAL_CLIENT = This parameter is no longer required. If it is not set, the fetch archive log (FAL) server will obtain the client's network address from the LOG_ARCHIVE_DEST_n parameter that corresponds to the client's DB_UNIQUE_NAME.


With broker configured

Yes the broker handles it. FAL_CLIENT would not be set at all but FAL_SERVER would default itself to the primary db_unique_name. That´s the beauty of the Broker - it really sorts these things out for you, so in my experience the best setup with Broker is to not set anything before hand, but let the Broker sort all those parameters for you. And if you need to change something, always do it from the dgmgrl interface - not sql*plus - as that would cause inconsistencies with the Broker configuration.

Key things leared from VNC Server setup

1.Commands: to setup different desktop.  Note that the desktops used by VNC server shall not be the same as that for direct access' desktop. e.g. I use KDE for local desktop, then my remote desktop is gnome.

-- for gnome desktop

xsetroot -solid grey
vncconfig -iconic &
dbus-launch --exit-with-session gnome-session &


-- for xfce4

 startxfce4 &
-- for kde
startkde &

2. commands to start/stop vncserver. Note that avoid to use sudo, otherwise the vncserver will be started as root instead of logon user. In the end, it causes file permission issue of .Xauthority

start :  vncserver
stop :  vncserver -kill :1


Ref: https://www.teknotut.com/en/install-vnc-server-with-gnome-display-on-ubuntu-18-04/

config HTTPS for APEX 5.1 running on SE2

In my case, self-signed certification is used.



High level steps  are;

1. Relink SE Oracle binary in order to support TCPS. Skip this step for EE

2. Create wallet to store self-signed cert

3. Create self-signed cert

4. Verify TCPS connection over SQL*NET

5. Configure http2 for APEX Embedded web server





Below are details.



Step 1 - Enable SE TCPS



Follow Oracle doc  -  How To Enable TCPS Support For Oracle Standard Edition (Doc ID 1457854.1)


-- current lib file

/software/oracle/product/12.2.0/lib> ls -l libntcps*

-rw-r--r-- 1 oracle oracle 356034 Dec 15 2016 libntcps12.a



--installer jar files

:/software/oracle/admin/INSTALLER/database/stage/Components/oracle.network.rsf/12.2.0.1.0/1/DataFiles> ls -l

total 4540

-rwxr-xr-x 1 oracle oracle 722400 Jan 26 2017 filegroup1.jar

-rwxr-xr-x 1 oracle oracle 3708288 Jan 26 2017 filegroup2.jar

-rwxr-xr-x 1 oracle oracle 212871 Jan 26 2017 filegroup3.jar





> pwd

/software/oracle/admin/INSTALLER/database/stage/Components/oracle.network.rsf/12.2.0.1.0/1/DataFiles

> $ORACLE_HOME/jdk/bin/jar tvf filegroup2.jar |grep libntcps

356034 Thu Dec 15 07:31:24 SGT 2016 lib/libntcps12_ee.a.dbl



> $ORACLE_HOME/jdk/bin/jar xvf ~/filegroup2.jar lib/libntcps12_ee.a.dbl

inflated: lib/libntcps12_ee.a.dbl









> ls -la libntcps*

-rw-r--r-- 1 oracle oracle 356034 Dec 15 2016 libntcps12.a

-rw-r--r-- 1 oracle oracle 356034 Jan 24 14:37 libntcps12_ee.a.dbl

> cp -p libntcps12.a libntcps12.a.orig



-- relink



> sqlplus / as sysdba



SQL*Plus: Release 12.2.0.1.0 Production on Wed Jan 24 14:39:17 2018



Copyright (c) 1982, 2016, Oracle. All rights reserved.





Connected to:

Oracle Database 12c Standard Edition Release 12.2.0.1.0 - 64bit Production



SQL> shutdown immediate

Database closed.

Database dismounted.

ORACLE instance shut down.

SQL> exit

Disconnected from Oracle Database 12c Standard Edition Release 12.2.0.1.0 - 64bit Production

> ps -f |grep tns

oracle 20494 20272 0 14:39 pts/0 00:00:00 grep --color=auto tns

> ps -fu oracle

UID PID PPID C STIME TTY TIME CMD

oracle 14048 14046 0 11:20 ? 00:00:01 sshd: oracle@pts/1

oracle 14049 14048 0 11:20 pts/1 00:00:00 -ksh

oracle 19604 1 0 14:04 ? 00:00:00 /software/oracle/product/12.2.0/bin/tnslsnr LISTENER_ORCL -inherit

oracle 20271 20269 0 14:28 ? 00:00:00 sshd: oracle@pts/0

oracle 20272 20271 0 14:28 pts/0 00:00:00 -ksh

oracle 20500 20272 0 14:40 pts/0 00:00:00 ps -fu oracle

> lsnrctl stop LISTENER_ORCL



LSNRCTL for Linux: Version 12.2.0.1.0 - Production on 24-JAN-2018 14:40:10



Copyright (c) 1991, 2016, Oracle. All rights reserved.



Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1588)))

The command completed successfully





> relink all

writing relink log to: /software/oracle/product/12.2.0/install/relink.log







> ls -la libntcps*

-rw-r--r-- 1 oracle oracle 356034 Dec 15 2016 libntcps12.a

-rw-r--r-- 1 oracle oracle 356034 Dec 15 2016 libntcps12.a.orig

-rw-r--r-- 1 oracle oracle 356034 Jan 24 14:37 libntcps12_ee.a.dbl





> ls -l /software/oracle/product/12.2.0/install/relink.log

-rw-r--r-- 1 oracle oracle 169637 Jan 24 14:41 /software/oracle/product/12.2.0/install/relink.log









#highlighted are updated files

ls -lrt





...







-rw-r--r-- 1 oracle oracle 22215298 Jan 24 12:01 libcommon12.a

-rw-r--r-- 1 oracle oracle 36700774 Jan 24 12:01 libgeneric12.a

-rwxr-xr-x 1 oracle oracle 2032800 Jan 24 12:01 libasmclntsh12.so

-rw-r--r-- 1 oracle oracle 356034 Jan 24 14:37 libntcps12_ee.a.dbl

-rw-r--r-- 1 oracle oracle 14683 Jan 24 14:40 libskgxn2.so

-rw------- 1 oracle oracle 137 Jan 24 14:40 ldflagsO

-rw-r--r-- 1 oracle oracle 137 Jan 24 14:40 ldflags

-rw-r--r-- 1 oracle oracle 2872 Jan 24 14:40 ntcontab.o

-rw-r--r-- 1 oracle oracle 1968 Jan 24 14:40 nnfgt.o

-rw-r--r-- 1 oracle oracle 9619442 Jan 24 14:40 libn12.a

-rwxr-xr-x 1 oracle oracle 8033736 Jan 24 14:40 libclntshcore.so.12.1

-rw-r--r-- 1 oracle oracle 1687689 Jan 24 14:40 clntshcore.map

lrwxrwxrwx 1 oracle oracle 21 Jan 24 14:40 libclntshcore.so -> libclntshcore.so.12.1

-rwxr-xr-x 1 oracle oracle 71653096 Jan 24 14:40 libclntsh.so.12.1

-rw-r--r-- 1 oracle oracle 5080271 Jan 24 14:40 clntsh.map

lrwxrwxrwx 1 oracle oracle 17 Jan 24 14:40 libclntsh.so -> libclntsh.so.12.1

lrwxrwxrwx 1 oracle oracle 12 Jan 24 14:40 libclntsh.so.11.1 -> libclntsh.so

lrwxrwxrwx 1 oracle oracle 12 Jan 24 14:40 libclntsh.so.10.1 -> libclntsh.so

-rwxr-xr-x 1 oracle oracle 2222528 Jan 24 14:40 libocci.so.12.1

lrwxrwxrwx 1 oracle oracle 15 Jan 24 14:40 libocci.so -> libocci.so.12.1

-rwxr-xr-x 1 oracle oracle 2553264 Jan 24 14:40 libagtsh.so.1.0

lrwxrwxrwx 1 oracle oracle 15 Jan 24 14:40 libagtsh.so -> libagtsh.so.1.0

-rwxr-xr-x 1 oracle oracle 194936 Jan 24 14:40 libsrvmm2.so

-rw-r--r-- 1 oracle oracle 1192447 Jan 24 14:40 libskgxp12.so





Step 2 - create wallet



Use oracle wallet manager  - owm to create an empty wallet.



Step 3 - create self-signed cert



ORCL:localhost:/software/oracle/admin/ORCL/wallet> orapki wallet add -wallet ./ -pwd Oracle123$ \
> -dn "CN=`hostname`, OU=DBA, O=mm, L=SG, ST=SG, C=SG" \
> -keysize 1024 -self_signed -validity 3650
Oracle PKI Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Operation is successfully completed.
ORCL:localhost:/software/oracle/admin/ORCL/wallet> orapki wallet display -wallet ./ -pwd Oracle123$
Oracle PKI Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Requested Certificates:
Subject: C=SG,ST=SG,L=SG,O=mm,OU=dba,CN=dbmate-cert
User Certificates:
Subject: CN=localhost,OU=DBA,O=mm,L=SG,ST=SG,C=SG
Trusted Certificates:
Subject: CN=localhost,OU=DBA,O=mm,L=SG,ST=SG,C=SG









Step 4 - verify TCPS



-- config sqlnet

ORCL:localhost:/software/oracle/product/12.2.0/network/admin> cat sqlnet.ora

# sqlnet.ora Network Configuration File: /software/oracle/product/12.2.0/network/admin/sqlnet.ora

# Generated by Oracle configuration tools.



NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)



SSL_CLIENT_AUTHENTICATION = FALSE



WALLET_LOCATION =

(SOURCE =

(METHOD = FILE)

(METHOD_DATA =

(DIRECTORY = /software/oracle/admin/ORCL/wallet )

)

)



ORCL:localhost:/software/oracle/product/12.2.0/network/admin> cat listener.ora

# listener.ora Network Configuration File: /software/oracle/product/12.2.0/network/admin/listener.ora

# Generated by Oracle configuration tools.



LISTENER_ORCL =

(DESCRIPTION_LIST =

(DESCRIPTION =

(ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1588))

(ADDRESS = (PROTOCOL = TCPS)(HOST = localhost)(PORT = 1589))

(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))

)

)





SSL_CLIENT_AUTHENTICATION = FALSE



WALLET_LOCATION =

(SOURCE =

(METHOD = FILE)

(METHOD_DATA =

(DIRECTORY = /software/oracle/admin/ORCL/wallet )

)

)



--tnsnames.ora



ORCL_SSL =

(DESCRIPTION =

(ADDRESS = (PROTOCOL = TCPS)(HOST = localhost)(PORT = 1589))

(CONNECT_DATA =

(SERVER = DEDICATED)

(SERVICE_NAME = ORCL)

)

)













ORCL:localhost:/software/oracle/product/12.2.0/network/admin> sqlplus perfstat@ORCL_SSL



SQL*Plus: Release 12.2.0.1.0 Production on Fri Jan 26 11:00:54 2018



Copyright (c) 1982, 2016, Oracle. All rights reserved.



Enter password:

Last Successful login time: Fri Jan 26 2018 11:00:14 +08:00



Connected to:

Oracle Database 12c Standard Edition Release 12.2.0.1.0 - 64bit Production



SQL> select sys_context('userenv','network_protocol') from dual;



SYS_CONTEXT('USERENV','NETWORK_PROTOCOL')

--------------------------------------------------------------------------------

tcps



SQL> exit

Disconnected from Oracle Database 12c Standard Edition Release 12.2.0.1.0 - 64bit Production

ORCL:localhost:/software/oracle/product/12.2.0/network/admin> tnsping ORCL_SSL



TNS Ping Utility for Linux: Version 12.2.0.1.0 - Production on 26-JAN-2018 11:01:17



Copyright (c) 1997, 2016, Oracle. All rights reserved.



Used parameter files:

/software/oracle/product/12.2.0/network/admin/sqlnet.ora





Used TNSNAMES adapter to resolve the alias

Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = localhost)(PORT = 1589)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = ORCL)))

OK (10 msec)







Step 5. Configure http2 for APEX Embedded web server



Set http2-port and http2-protocol in the XDB configuration:
See Note 942945.1



5.1  Set dispatcher for TCPS in database parameter file


*.dispatchers='(PROTOCOL=TCP) (SERVICE=ORCLXDB)','(PROTOCOL=TCPS) (SERVICE=ORCLXDB)'




5.2  set apex /Manage Instance/Requires HTTPS = always.





 My database is 12.2c , the APEX http port was 8888,  I am using same port for https , as no more HTTP will be supported.


  SQL> select dbms_xdb_config.gethttpport() from dual;

DBMS_XDB_CONFIG.GETHTTPPORT()
-----------------------------
8888

SQL> exec dbms_xdb_config.sethttpport(8080);

PL/SQL procedure successfully completed.

SQL> select dbms_xdb_config.gethttpport() from dual;

DBMS_XDB_CONFIG.GETHTTPPORT()
-----------------------------
8080

SQL> call DBMS_XDB_CONFIG.SETLISTENERENDPOINT(2, null, 8888,2);

Call completed.

SQL> select dbms_xdb_config.gethttpport() from dual;

DBMS_XDB_CONFIG.GETHTTPPORT()
-----------------------------
8080




select extractValue(value(x),'/httpconfig/http2-protocol', 'xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd"') "Protocol"
2 , extractValue(value(x),'/httpconfig/http2-port', 'xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd"') "Port#"
3 from table(xmlsequence(extract(xdburitype('/xdbconfig.xml').getXML(),'/xdbconfig/sysconfig/protocolconfig/httpconfig'))) x
4 /

Protocol
--------------------------------------------------------------------------------
Port#
--------------------------------------------------------------------------------
tcps
8888







Cheers!

bash commands for QNAP

This is useful.

find /share/Multimedia/ –name *.m4a | while read foo; do rm “$foo” ;done

https://www.ripcaster.co.uk/node/772