5 Replies Latest reply on Mar 21, 2011 2:15 PM by 849046

    VNCSERVER on OEL5 in Amazons Cloud

      Greetings -
      I have successfully deployed an OEL 5 image with Oracle (32-bit) in AWS.

      I can ssh via putty (with my putty gen converted key) successfully. I did have to set up a port forward on 5901 in putty, and successfully access root's desktop.

      My question is: what steps can I take to access oracle's desktop? Do I have to generate a pem for oracle, convert a copy via puttygen?

      If I switch user to oracle in putty, and launch vncviewer, I get root's desktop? There is only a logout option, not logout and login as another user.

      Bottom line is, how can I access the graphical tools like dbca, installer, etc., as they can't (and/or shouldn't) be run as root?

      The Nets Edge
      -warning - I am a DBA not a linux admin, so please try and translate into DBA speak. :-) thanks
        • 1. Re: VNCSERVER on OEL5 in Amazons Cloud
          Herbert van den Bergh-Oracle
          I'm not familiar with EC2, but there are many ways you can achieve what you need. You can log in to your remote server as oracle, and start another vncserver. This will get the next available port number (most likely ip port 5902, vnc port :2), so you'll need to set up a second ssh tunnel to connect to it via your putty connection.

          Or you can cp /root/.Xauthority to /home/oracle/.Xauthority, and chown oracle /home/oracle/.Xauthority, so oracle user is allowed to connect to the root user display. Also remember to set DISPLAY=:1 in oracle's environment.

          Or as root, run xhost +, which allows anyone anywhere to connect to root's X display (not terribly secure).

          Or as root, ssh -X oracle@localhost, and oracle's X connections will be tunneled via a local ssh connection to the root X display.

          Want more options? ;-)
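
An added example, not part of any poster's reply: the options above differ in who can reach the display, so this check reads `netstat -ltn` output and reports VNC (5900+N) and X11 (6000+N) listeners bound to anything other than loopback, which is what an ssh-tunnelled setup should never show. The function name and the sample output are constructed for this example.

```shell
#!/bin/sh
# Added example: flag VNC and X11 TCP listeners reachable from off-host.
# Usage on a live system:  netstat -ltn | exposed_display_ports

# Constructed sample output, not captured from the poster's instance.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:5901      0.0.0.0:*         LISTEN
tcp        0      0 127.0.0.1:5902    0.0.0.0:*         LISTEN
tcp        0      0 :::6001           :::*              LISTEN'

# Reads netstat -ltn output on stdin, prints one line per exposed listener.
exposed_display_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        addr = $4
        # The port is the text after the last colon (works for IPv6 too).
        n = split(addr, p, ":")
        port = p[n] + 0
        host = substr(addr, 1, length(addr) - length(p[n]) - 1)
        # Loopback-only listeners are what an ssh tunnel expects; skip them.
        if (host ~ /^127\./ || host == "::1") next
        if (port >= 5900 && port <= 5999)
            print "VNC display :" (port - 5900) " reachable on " addr
        else if (port >= 6000 && port <= 6063)
            print "X11 display :" (port - 6000) " reachable on " addr
    }'
}
```

An empty result means every VNC or X11 listener is bound to loopback only, so the ssh port forward is the only way in.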
          • 2. Re: VNCSERVER on OEL5 in Amazons Cloud
            Herb -
            thanks, I may need more options. On aws there is an external firewall, but that's not a big deal. I can open it up for any ports I need. Pretty simple there.

            but... they somehow set up default security so you can only ssh to root, no password, but a putty converted ppk file (converted from the server pem file). once there, you can su - oracle. once oracle, you can even su - back to root, with the root password. but you cannot ssh to oracle directly, else I don't think I'd have this issue.

            I have to put a port forward into ssh config for 5901 for vncserver to work. Apparently, its data needs a ride, so it uses ssh to get there.

            I will try your suggestions, but I seem to have another bit of a stumbling block. When I try and run the graphical user tool, it refuses, stating a mismatch between etc/password and shadow password, or etc groups and shadow groups file. After a cursory look, I didn't detect anything, but I'll look further into it as soon as I can.

            Busy week, and weekend, as I am doing yet another data refresh from a production database to a non-prod database all weekend, cuz it has to be done by Monday. Everything's a crisis, don't you know.

            Thanks though - and I'll get back to you as soon as I can.

            Nets Edge
            • 3. Re: VNCSERVER on OEL5 in Amazons Cloud
              if you used the oracle image from oracle, a database is setup when you first logged on as root. This includes the creation of the oracle user.

              by default, the amazon firewall is only opened at the ssh port for the ip address which started the image.

              a possible solution is to modify ssh to allow password authentication, and set a password for the oracle user. if you've done that, you can logon to the system as oracle, and use X tunneling.

              if logged on as oracle, you startup the vnc server.

              please mind vnc is quite a terrible solution. look at nomachine/nx or neatx from google code.

              if started, the amazon firewall isn't altered, so you can not reach the vnc server directly. use ssh tunneling to tunnel the ssh port to your client.
              • 4. Re: VNCSERVER on OEL5 in Amazons Cloud
                Ultimately this was correct. I don't need to use it frequently, only if I choose to use graphical tools.

                My solution was very similar. What was happening was, although I su - oracle then start the vncserver, I was still getting root's desktop.

                I did not want to open it for password authentication for user Oracle, as that is considered insecure.

                I copied root's .ssh directory to oracle, changed ownership. After ensuring permissions were perfect, I updated /etc/ssh/sshd_config adding the line:
                AllowUsers root oracle

                bang - I could ssh to Oracle with the putty key, just like I could initially with root. Now when starting a single vncserver, I get to the appropriate desktop, although it's not a desktop, really. Just has xterm on a gray screen, but good enough.

                Oddly, when I was playing with the 64bit image on a large server, the same trick gave me Oracle's real desktop, with wallpaper and all the condiments.

                It seems something is a bit amiss with the 32-bit image (EE) - not really surprised though, as it's only 1.7gb ram

                Thanks though
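
An added example, not part of any poster's reply: the key-based login for a second account described in reply 4, done by copying only `authorized_keys` rather than the whole `.ssh` directory, plus a check that `sshd_config` keeps password authentication off and lists the account in `AllowUsers`. The function names are assumptions of this example, and `Match` blocks and repeated `AllowUsers` lines are not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are arguments so the functions
# can be tried against a scratch directory before touching a real account.

# install_key SRC_AUTHORIZED_KEYS TARGET_HOME [OWNER]
# Copies only the public-key list, not private keys or known_hosts, and
# sets modes that satisfy sshd's StrictModes check.
install_key() {
    src=$1; home=$2; owner=${3:-}
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    ( umask 077
      mkdir -p "$home/.ssh" && cp "$src" "$home/.ssh/authorized_keys" ) || return 1
    chmod 700 "$home/.ssh" || return 1
    chmod 600 "$home/.ssh/authorized_keys" || return 1
    if [ -n "$owner" ]; then chown -R "$owner" "$home/.ssh" || return 1; fi
}

# sshd_setting FILE KEYWORD: print the first uncommented value of KEYWORD
# (keywords are case-insensitive; "key value" form only).
sshd_setting() {
    awk -v k="$(echo "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ { next }
        tolower($1) == k { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# audit_sshd FILE USER: print findings, return non-zero if there are any.
audit_sshd() {
    cfg=$1; user=$2; rc=0
    # An unset PasswordAuthentication defaults to yes, so require an explicit no.
    pa=$(sshd_setting "$cfg" PasswordAuthentication | tr 'A-Z' 'a-z')
    [ "$pa" = "no" ] || { echo "PasswordAuthentication is not set to no"; rc=1; }
    # When AllowUsers is present, any account missing from it is locked out.
    au=$(sshd_setting "$cfg" AllowUsers)
    if [ -n "$au" ]; then
        case " $au " in
            *" $user "*) ;;
            *) echo "$user is not listed in AllowUsers"; rc=1 ;;
        esac
    fi
    return $rc
}
```

On a real host this would be run as root, for example `install_key /root/.ssh/authorized_keys /home/oracle oracle` followed by `audit_sshd /etc/ssh/sshd_config oracle`.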
                • 5. Re: VNCSERVER on OEL5 in Amazons Cloud

                  Congratulations on your success with Oracle in AWS. I have problems using PuTTY to connect to Oracle in AWS.
                  1. Do you need to specify ports (1158, 1521, etc.) when you launch Oracle 11g DB in AWS?
                  2. Do you need to set up an SSH tunnel in PuTTY in order to connect to Oracle in AWS?
                  3. Do you have any document to show step-by-step setup on both AWS Oracle and PuTTY?

                  Thank you in advance for your help.