2.4 Using Oracle ORAchk and Oracle EXAchk to Manually Generate Compliance Check Reports
This section explains the procedures to manually generate compliance check reports.
- Running Compliance Checks On-Demand
Usually, compliance checks run at scheduled intervals. However, Oracle recommends that you run compliance checks on-demand when needed. - Running Compliance Checks in Silent Mode
Run compliance checks automatically by scheduling them with the Automated Daemon Mode operation. - Running On-Demand With or Without the Daemon
When running on-demand, if the daemon is running, then the daemon answers all prompts where possible including the passwords. - Generating a Diff Report
The diff report attached to the previous email notification shows a summary of differences between the most recent runs. - Sending Results by Email
Optionally email the HTML report to one or more recipients using the–sendemail
option.
Parent topic: Analyzing Risks and Complying with Best Practices
2.4.1 Running Compliance Checks On-Demand
Usually, compliance checks run at scheduled intervals. However, Oracle recommends that you run compliance checks on-demand when needed.
Examples of when you must run compliance checks on-demand:
-
Pre- or post-upgrades
-
Machine relocations from one subnet to another
-
Hardware failure or repair
-
Problem troubleshooting
-
In addition to go-live testing
$ ./orachk
$ ./exachk
Note:
To avoid problems while running the tool from terminal sessions on a network attached workstation or laptop, consider running the tool using VNC. If there is a network interruption, then the tool continues to process to completion. If the tool fails to run, then re-run the tool. The tool does not resume from the point of failure.
Output varies depending on your environment and options used:
-
The tool starts discovering your environment
-
If you have configured passwordless SSH equivalency, then the tool does not prompt you for passwords
-
If you have not configured passwordless SSH for a particular component at the required access level, then the tool prompts you for password
-
If the daemon is running, then the commands are sent to the daemon process that answers all prompts, such as selecting the database and providing passwords
-
If the daemon is not running, then the tool prompts you for required information, such as which database you want to run against, the required passwords, and so on
-
The tool investigates the status of the discovered components
Note:
If you are prompted for passwords, then the Expect utility runs when available. In this way, the passwords are gathered at the beginning, and the Expect utility supplies the passwords when needed at the root password prompts. The Expect utility being supplying the passwords enables the tool to continue without the need for further input. If you do not use the Expect utility, then closely monitor the run and enter the passwords interactively as prompted.
Without the Expect utility installed, you must enter passwords many times depending on the size of your environment. Therefore, Oracle recommends that you use the Expect utility.
While running pre- or post-upgrade checks, Oracle ORAchk and Oracle EXAchk automatically detect databases that are registered with Oracle Clusterware and presents the list of databases to check.
Run the pre-upgrade checks during the upgrade planning phase. Oracle ORAchk and Oracle EXAchk prompt you for the version to which you are planning to upgrade:$ ./orachk –u –o pre
$ ./exachk –u –o pre
After upgrading, run the post-upgrade checks:$ ./orachk –u –o post
$ ./exachk –u –o post
-
The tool starts collecting information across all the relevant components, including the remote nodes.
-
The tool runs the compliance checks against the collected data and displays the results.
-
After completing the compliance check run, the tool points to the location of the detailed HTML report and the
.zip
file that contains more output.
2.4.2 Running Compliance Checks in Silent Mode
Run compliance checks automatically by scheduling them with the Automated Daemon Mode operation.
Note:
Silent mode operation is maintained for backwards compatibility for the customers who were using it before the daemon mode was available. Silent mode is limited in the checks it runs and Oracle does not actively enhance it any further.
Running compliance checks in silent mode using the -s
option
does not run any checks on the storage servers and switches.
Running compliance checks in silent mode using the -S
option excludes checks on database server that require root
access.
Also, does not run any checks on the storage servers and database servers.
To run compliance checks silently, configure passwordless SSH equivalency. It is not required to run remote checks, such as running against a single-instance database.
When compliance checks are run silently, output is similar to that described in On-Demand Mode Operation.
Note:
If not configured to run in silent mode operation on an Oracle Engineered System, then the tool does not perform storage server or InfiniBand switch checks.
Including Compliance Checks that Require root Access
Run as root
or configure sudo
access to run compliance checks in silent mode and include checks that require root
access.
root
access,
use the –s
option followed by other required
options:$ orachk –s
$ exachk –s
Excluding Compliance Checks that Require root Access
root
access,
use the –S
option followed by other required
options:$ orachk –S
$ exachk –S
2.4.3 Running On-Demand With or Without the Daemon
When running on-demand, if the daemon is running, then the daemon answers all prompts where possible including the passwords.
To run health checks on-demand with or without the daemon:
Note:
Daemon mode is supported only on the Linux and Solaris operating systems.
Note:
If you are running database pre-upgrade checks (-u –o pre
) and if the daemon is running, then you must use the –nodaemon
option.
2.4.4 Generating a Diff Report
The diff report attached to the previous email notification shows a summary of differences between the most recent runs.
To identify the changes since the last run: