Oracle Database 10.2.0.4以降のEnterprise Manager

Oracle

Oracle 10g PSR10.2.0.4.0以降(11gも同様)では、OEM(Oracle Enterptise Manager)への通信プロトコルが、HTTPだけではなくHTTPSにも対応する。DBCA(Dabase Configuration Assistant)によるインスタンス作成時、終盤の処理でHTTPでのOEM接続用に鍵が生成されるが、ここで警告が発生するケースがあったため、備忘録的な意味で記しておく。(※プラットフォームはLinux)

対処方法

  • oracleユーザにsuしORACLE_SIDがセットされていることを必ず確認



# su - oracle

$ echo $ORACLE_SID

SHIBA10G

  • dbconsoleを停止



$ emctl stop dbconsole

TZ set to Japan

Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0  

Copyright (c) 1996, 2007 Oracle Corporation.  All rights reserved.

http://shibainu55:1158/em/console/aboutApplication

Stopping Oracle Enterprise Manager 10g Database Control ... 

...  Stopped.

  • リスナーを起動(これを忘れると後続のコマンドがエラーになる)



$ lsnrctl start

  • 鍵を生成



$ emctl config emkey -repos -sysman_pwd 

TZ set to Japan

Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0  

Copyright (c) 1996, 2007 Oracle Corporation.  All rights reserved.
The Em Key has been configured successfully.

  • ちなみにリスナーを起動せずに実行すると以下のエラーとなる



$ emctl config emkey -repos -sysman_pwd 

TZ set to Japan

Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0  

Copyright (c) 1996, 2007 Oracle Corporation.  All rights reserved.
Invalid Password

caught Exception java.sql.SQLException: I/O例外です。

: The Network Adapter could not establish the connection

  • dbconsoleに鍵を登録、config



$ emctl secure dbconsole -sysman_pwd 

TZ set to Japan

Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0  

Copyright (c) 1996, 2007 Oracle Corporation.  All rights reserved.

http://shibainu55:1158/em/console/aboutApplication

DBCONSOLE already stopped...   Done.

Agent is already stopped...   Done.

Securing dbconsole...   Started.

Checking Repository...   Done.

Checking Em Key...   Done.

Checking Repository for an existing Enterprise Manager Root Key...   Done.

Generating Enterprise Manager Root Key (this takes a minute)...   Done.

Fetching Root Certificate from the Repository...   Done.

Updating HTTPS port in emoms.properties file...   Done.

Generating Java Keystore...   Done.

Securing OMS ...   Done.

Generating Oracle Wallet Password for Agent....   Done.

Generating wallet for Agent ...    Done.

Copying the wallet for agent use...    Done.

Storing agent key in repository...   Done.

Storing agent key for agent ...   Done.

Configuring Agent... 

Configuring Agent for HTTPS in DBCONSOLE mode...   Done.

EMD_URL set in /opt/oracle/product/10.2.0/db_1/shibainu55_SHIBA10G/sysman/config/emd.properties

Done.

Configuring Key store..   Done.

Securing dbconsole...   Sucessful.

  • dbconsoleを起動(ここは普通どおりでOK)



$ emctl start dbconsole


  • EMの鍵を保護するには、以下の操作を行う



$ emctl config emkey -remove_from_repos -sysman_pwd