Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
Solution Type: Problem Resolution Sure Solution

2362792.1 : File changes for sshd/pam.d/iptables etc. are lost after Exadata CELL/Database node patching/reboot
Created from <SR 3-16896951899>

Applies to:
Exadata Database Machine X2-2 Full Rack - Version All Versions and later
Linux OS - Version Oracle Linux 5.0 to Oracle Linux 7.4 [Release OL5 to OL7U4]
Oracle Exadata Storage Server Software - Version 11.1.3.1.0 to 12.1.2.1.2 [Release 11.1 to 12.1]
Linux x86
Linux x86-64

Symptoms
Manual changes to /etc/pam.d/ or /etc/ssh/sshd_config on DB/CELL nodes, or to /etc/sysconfig/iptables on CELL nodes, are lost after patching and also after a reboot.

Changes
Exadata patching was done, or a Cell/DB node was rebooted.

Cause
This is normal behaviour in Engineered Systems, which utilize the host_access_control utility.

Solution
host_access_control keeps Exadata CELL/Database nodes compliant with security requirements. Customers can still edit these files directly, but the edits will be lost after the next reboot or patching. Instead, all changes should be made with the host_access_control tool so that they are not lost. In some cases, even if host_access_control was used properly, some settings can still be reverted to default values to match Exadata security policies; for further information, contact the Exadata Oracle Support team.

For example, Cell nodes use cellwall to configure firewall rules: if the cellwall service is restarted, it wipes all settings added manually to /etc/sysconfig/iptables. Some changes are not allowed on Exadata Cell/DB nodes at all, so making such modifications is neither supported nor allowed; for more details, contact the Exadata Oracle Support team. Changes to pam.d or sshd_config on both CELL and DB nodes usually require host_access_control; this applies to every OS configuration file that interacts with user security and OS access policy.

Example document used by the EEST team to configure host_access_control: host_access_control utility on Exadata database servers and storage cells (Doc ID 1600288.1)

References
<NOTE:1600288.1> - host_access_control utility on Exadata database servers and storage cells

Attachments
This solution has no attachment
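
One way to see exactly which manual edits a patch or reboot reverted, so they can be redone through host_access_control: the script below is an added example, not Oracle tooling and not part of this note. It hashes the files named in the Symptoms section before and after the event and reports the differences. The function names, the WATCHED list and the snapshot file locations are assumptions.

```shell
#!/bin/sh
# Added example: record and compare hashes of the OS files this note says
# are reset by patching/reboot. Names and paths here are assumptions.
# Paths are relative to a root directory ("/" on a real node).
WATCHED="etc/ssh/sshd_config etc/sysconfig/iptables etc/pam.d"

# snapshot ROOT OUTFILE: write "sha256  path" for every watched regular file.
snapshot() {
    ( cd "$1" || exit 1
      for p in $WATCHED; do
          if [ -e "$p" ]; then find "$p" -type f; fi
      done | sort | while IFS= read -r f; do sha256sum "$f"; done
    ) > "$2"
}

# drift BEFORE AFTER: print one line per file that changed, vanished or appeared.
drift() {
    awk 'FILENAME == ARGV[1] { before[$2] = $1; next }
         { seen[$2] = 1
           if (!($2 in before))       print "ADDED    " $2
           else if (before[$2] != $1) print "CHANGED  " $2 }
         END { for (f in before) if (!(f in seen)) print "REMOVED  " f }' \
        "$1" "$2" | sort
}

# Command-line use:
#   sh drift.sh snapshot / /root/before.sha   (before patching or reboot)
#   sh drift.sh snapshot / /root/after.sha    (afterwards)
#   sh drift.sh drift /root/before.sha /root/after.sha
case "${1:-}" in
    snapshot) snapshot "$2" "$3" ;;
    drift)    drift "$2" "$3" ;;
esac
```

Run it as root so that files such as /etc/sysconfig/iptables are readable. Any CHANGED or REMOVED line points at a setting that was edited by hand rather than through host_access_control.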