Oracle Database on Docker - Best Practices

Best practices for
running
Oracle Database
on Docker

Gerald Venzl
Senior Principal Product Manager
Oracle Database Development
Twitter: @GeraldVenzl

Copyright © 2017 Oracle and/or its affiliates. All rights reserved. |
What is Docker?
• A software container platform
• Originated from Linux / Linux Containers
– Also available on Windows and Mac OS X
• Part of the Linux Open Container Initiative (OCI)
– Part of Open Source Linux
• Editions:
– Commercial Edition (EE) – Sold by Docker Corp
– Community Edition (CE) – Part of Open Source Linux

What is Docker?
• docker-engine: The engine running containers
• Images: Collection of software to be run as a container
• Containers: A container on the Linux host
• Registry: Place to store and download images
• Volumes: Place to persist data outside the container
Terminology

Docker Key Components
Source: https://docs.docker.com/engine/docker-overview/
• Registry
• Images
• Containers
• Docker
daemon/engine

Docker Key Components - Volumes
Source: https://docs.docker.com/engine/docker-overview/
• Registry
• Images
• Containers
• Docker
daemon/engine

What is Docker?
• Containers are non-persistent
– Once a container is deleted, all files inside that container are gone
Concepts

What is Docker?
• Images are immutable
– Changes to an image require to build a new image
– Data to be persisted has to be stored in volumes
Concepts

What is Docker?
• Images are immutable
– Changes to an image require to build a new image
– Data to be persisted has to be stored in volumes
• Containers are spun up from images
Concepts

Why is Docker cool?
• Abstracts virtual environment (container) creation
into simple steps:
– docker create …
– docker run …
– docker rm …
• Runs directly on the Linux kernel (cgroups)
– Avoids the hypervisor overhead

Why is Docker actually cool?

• Allows abstraction of environments into images

• Allows creation of hierarchical images

• Allows creation of hierarchical images
• Supports multi-layered image registries

Oracle MTO & Docker
App B App CApp A
App A App B App C

Oracle Database on Docker
• Oracle Database is fully supported on Docker
– Oracle Linux 7 - UEK 4
– Red Hat Enterprise Linux 7
• Oracle images on Oracle Container Registry & Docker Store
• Docker build files on GitHub
• RAC is not supported

Oracle Database on Docker
• Docker container contains single-PDB CDB (no MTO license required)
• PDB can be plugged, unplugged, etc.
• PDB can move bi-directional

BEST
PRACTICES

Oracle DB and Docker best practices
• Containers are not VMs!

– No need to log into a container

– If you need to change something within the container  build a new image

– If you need to change something within the container  build a new image
– Example: Patching

• Use the latest Docker version but please, please, please, at least Docker
17.06

17.06
• 115 bugs fixed in the last year, 24 bug fixes in 17.06 alone

17.06
Step 16/17 : HEALTHCHECK --interval=1m --start-period=5m
CMD "$ORACLE_BASE/$CHECK_DB_FILE" >/dev/null || exit 1
Unknown flag: start-period There was an error building the
image.

17.06
Step 16/17 : HEALTHCHECK --interval=1m --start-period=5m
CMD "$ORACLE_BASE/$CHECK_DB_FILE" >/dev/null || exit 1
Unknown flag: start-period There was an error building the
image.
• Healthcheck start-period introduced in 17.05 (Github issue #632)

• Use docker-engine on Oracle Linux

• Fully supported by Oracle via Oracle Linux support

• Oracle Linux and docker-engine are fully free of charge for Oracle DB

• Docker Corp only provides Docker EE for Oracle Linux (and Red Hat)

• Docker Corp only provides Docker EE for Oracle Linux (and Red Hat)
• More recent docker-engine releases are in the “preview” yum repo

• Use btrfs (Oracle recommended) or overlay2 storage drivers

• overlay (Github issue #432)
bash-4.2# ls -ltr install
ls: cannot access install/checkSpace.sh: No such file or directory
ls: cannot access install/installDBBinaries.sh: No such file or directory
ls: cannot access install/installPerl.sh: No such file or directory
ls: cannot access install/setupLinuxEnv.sh: No such file or directory
ls: cannot access install/db_inst.rsp: No such file or directory
total 0
?????????? ? ? ? ? ? setupLinuxEnv.sh
?????????? ? ? ? ? ? installPerl.sh
?????????? ? ? ? ? ? installDBBinaries.sh
?????????? ? ? ? ? ? db_inst.rsp
?????????? ? ? ? ? ? checkSpace.sh
bash-4.2#

• aufs (Github issue #317)
mv: cannot move '/install/xe.rsp' to a subdirectory of itself,
'/u01/app/oracle/xe.rsp'**
Removing intermediate container 1dc7135ca679
The command 'mv $INSTALL_DIR/$CONFIG_RSP $ORACLE_BASE/ && mv
$INSTALL_DIR/$RUN_FILE ' returned a non-zero code: 1 There was an error
building the image.

• Do not use btrfs for data files storage

• B-tree filesystem

• Copy-on-write functionality

• Transparent compression

• Really not a good fit for your redo and undo

• Also not really a good fit for data files either

• Also not really a good fit for data files either
• Github issue #647

• Kernel parameters are global

• You will have to set the kernel parameters correctly
– Considering each container
– On each Docker host those containers might run

sysctl: setting key "kernel.sem": Read-only file system
sysctl: setting key "fs.file-max": Read-only file system
Executing post-install steps... You must run '/etc/init.d/oracle-xe
configure' as the root user to configure the database.

• Can set them if the container runs in privileged mode, i.e. access
to the entire machine
sysctl: setting key "kernel.sem": Read-only file system
sysctl: setting key "fs.file-max": Read-only file system
Executing post-install steps... You must run '/etc/init.d/oracle-xe
configure' as the root user to configure the database.

• SELinux policies are global

• SELinux policies are global
• You will have to set SELinux policies correctly

• /dev/shm mounted with no exec rights (and only 64MB by default)

• No native compiled PL/SQL

• No Java stored procedures

• No Automatic Memory Management

• …

• …
• docker run -v /dev/shm --tmpfs
/dev/shm:rw,nosuid,nodev,exec,size=1g ...

Docker volumes

• Docker volumes contain data that should be persisted throughout a
container’s lifespan

• Examples are:

• Examples are:
– Configuration files

• Examples are:
– Log files

• Examples are:
– Log files
– Database files

• Examples are:
– Log files
– Database files
• Files inside a container are owned by the UID of the container’s user.

• Examples are:
– Log files
– Database files
– UID: 54321 for the oracle Unix user

• Examples are:
– Log files
– Database files
– UID: 54321 for the oracle Unix user
– Can be mapped to another UID with named volumes

Docker Key Components - Volumes

• Three ways to create Docker volumes:

• Anonymous volumes (no name specified)

• Named volumes (a volume referred to by name)

• Named volumes (a volume referred to by name)
• Host-only volume (a location on the host)

Anonymous volumes

• Are automatically created by Docker as soon as there is a VOLUME
instruction present in the Dockerfile
Anonymous volumes

• Are not easily reusable across containers (you know, anonymous!)
Anonymous volumes

• Are not easily reusable across containers (you know, anonymous!)
Anonymous volumes
"Type": "volume",
"Name":
"7a27a94df5192a20ec6a07502be9a2163faaa150e0076505937578ce785d5376",
"Source":
"/var/lib/docker/volumes/7a27a94df5192a20ec6a07502be9a2163faaa150e0076505937
578ce785d5376/_data",
"Destination": "/opt/oracle/oradata"

Named volumes

• Are explicitly created by the user using docker volume create
Named volumes

Named volumes
[oracle@localhost ~]$ docker volume create GeraldVol1
GeraldVol1
[oracle@localhost ~]$ docker volume inspect GeraldVol1
"Mountpoint": "/var/lib/docker/volumes/GeraldVol1/_data",
"Name": "GeraldVol1",

• Are great for making volumes specific
Named volumes
GeraldVol1

• Transparently copy data from the image into the volume first!
Named volumes
GeraldVol1

• Transparently copy data from the image into the volume first!
• But…
Named volumes
GeraldVol1

• Hold data in /var/lib/docker/volumes
Named volumes

• Is usually owned by root
Named volumes

• Contains all volumes of all containers
Named volumes

– Do you really want to give a user root access?
Named volumes

– Do you really want to give a user root access?
– Do you really want to give a user access to all volumes?
Named volumes

Host-only volumes

• Are created by specifying a location on the host
– docker run –v /home/gerald/volumes:…
Host-only volumes

• Offer great flexibility where exactly volume data is being put
Host-only volumes

• Offer great flexibility where exactly volume data is being put
• But…
Host-only volumes

• Do not transparently copy data from the image into volume first!
Host-only volumes

• Have a static absolute path
Host-only volumes

• You have to set permissions on the file system accordingly first!
Host-only volumes

• You have to set permissions on the file system accordingly first!
• They are “host-only”, i.e not cluster aware (other than being put on a
SAN)
Host-only volumes

• VOLUME instructions can’t be removed in child images.
Docker volumes

• New --mount option was introduced with 17.06
Docker volumes

• New --mount option was introduced with 17.06
– Allows passing on of multiple key/value pairs
Docker volumes

UNKNOWN
UNKNOWNS

• Github issue #601 – database is extremely slow
– PGA memory operation: Wait event for mmap and munmap Unix kernel
operations
Unknown unknowns

operations
– ?
Unknown unknowns

operations
– ?
• Github issue #525 – unable to connect / as sysdba when using
volumes on Windows 10
Unknown unknowns

operations
– ?
– ?
Unknown unknowns

operations
– ?
– ?
• Github issue #610 – “It was neither docker, nor Oracle scripts. The problem was
in CPU overclock which led to unstable executing of cp and unzip commands.
Restoring the original clock solved the problem.”
Unknown unknowns

operations
– ?
– ?
• Github issue #610 – “It was neither docker, nor Oracle scripts. The problem was
in CPU overclock which led to unstable executing of cp and unzip commands.
Restoring the original clock solved the problem.” ¯_(ツ)_/¯
Unknown unknowns

Last but not least

Remember

• Use btrfs for Docker filesystem
Remember

• Use regular recommended filesystem for database files (ext4, xfs, etc)
– ASM is not supported!
Remember

• Use database features whenever possible
– resource manager, encryption, compression, etc.
Remember

• Use database features whenever possible
– resource manager, encryption, compression, etc.
• Stop database containers gracefully
– Allow for higher timeout
Remember

• PDBs can be plugged in and out of containers
– Great for patching
– Great for upgrade
– Great for placement flexibility
Oracle MTO & Docker – a great synergy

Best practices for
running
Oracle Database
on Docker

Oracle Database on Docker - Best Practices

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Oracle Database on Docker - Best Practices

Semelhante a Oracle Database on Docker - Best Practices (20)

Mais de gvenzl

Mais de gvenzl (6)

Último

Último (20)

Oracle Database on Docker - Best Practices