Provision Google Compute Engine instances for Google Cloud NetApp Volumes
Provision Google Compute Engine virtual machines to host Oracle Database 26ai on Google Cloud NetApp Volumes iSCSI storage. This procedure covers creating the primary and standby database hosts and the Fast-Start Failover Observer VM, configuring VPC firewall rules for Oracle Net, setting up hostname resolution, preparing the OS, and capturing iSCSI initiator names for GCNV storage provisioning.
Step 1: Create the VMs
Create three Google Compute Engine VMs in different zones of the same region for zonal failure isolation. Use the Cloud Console, gcloud, Terraform, or your standard provisioning workflow.
- Create the three VMs with the specifications shown in the table below. Prefer a lower-carbon region for TCO and sustainability where it meets latency and compliance needs (for example us-west1 vs us-central1):

| VM | Zone | Machine type | Boot disk | Network | Purpose |
| --- | --- | --- | --- | --- | --- |
| oracdb1 | us-west1-a | n4-highmem-8 (sample) or c4-standard-* | OL 10, 50 GB Hyperdisk Balanced (OS only) | oracle-vpc/oracle-subnet, gVNIC | Primary DB |
| oracdb2 | us-west1-b | Same as primary | OL 10, 50 GB Hyperdisk Balanced (OS only) | Same | Standby DB |
| oradg-obs | us-west1-c | e2-medium | OL 10, 20 GB Hyperdisk Balanced | Same | FSFO Observer (Instant Client only) |

Use Premium network tier when latency or egress (>~200 GiB/month) matters; use Standard for lower TCO in dev/test.
- Enable Shielded VM features and verify the boot disk configuration:
  - Enable Secure Boot, vTPM, and Integrity Monitoring on all three VMs.
  - The boot disk holds the OS only. /u01, Grid/DB homes, staging, and all ASM data use GCNV iSCSI volumes (see Provision GCNV iSCSI volumes). Do not attach a separate GCE data disk for /u01.
Step 2: Configure VPC firewall for TCP 1521
Create VPC firewall rules to allow TCP/1521 between all three VMs for Oracle Net redo transport and Observer connectivity. Missing rules break Data Guard replication.
- Create a VPC firewall ingress rule to allow TCP/1521 between all three VM internal IPs. Use VPC firewall rules or Firewall Policies with the same allowlist:
  Cloud Console: VPC network → Firewall → Create rule allow-oracle-net-dbhosts on oracle-vpc: Ingress, Allow, sources = three /32 IPs, TCP 1521. Mirror egress if required.
- Validate connectivity from each VM to verify the firewall rules are in place:

```
sudo dnf install -y nmap-ncat
for tgt in <oracdb1-ip> <oracdb2-ip> <oradg-obs-ip>; do
  nc -zv -w 5 "$tgt" 22
  nc -zv -w 5 "$tgt" 1521
done
```

| Port | Expected | Meaning |
| --- | --- | --- |
| 22 | Connected | SSH path works |
| 1521 | Connection refused | Firewall open; Grid listener starts during Step 1: Install Oracle Grid Infrastructure (Oracle Restart) on each DB host |
| Either | Timeout | Fix firewall or routing |

Run from all three VMs toward each peer IP.
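The rule and the probe table above as a script, added here as an example and not part of the original procedure: `fw_rule_cmd` prints a gcloud equivalent of the Console rule, and `probe` with `stage_ok` turns the three table outcomes into a pass/fail. The function names are hypothetical, and `probe` assumes bash and coreutils `timeout` are present on the VM.

```shell
# Added example. The IPs passed in are whatever internal IPs your VMs have.

# True only for a dotted-quad host address (no CIDR suffix, each octet <= 255).
is_ipv4_host() {
  case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# Print the gcloud equivalent of the Console rule for exactly three host IPs,
# so the allowlist can only ever be three /32 sources.
fw_rule_cmd() {
  [ "$#" -eq 3 ] || { echo "expected three host IPs" >&2; return 1; }
  ranges=""
  for ip in "$@"; do
    is_ipv4_host "$ip" || { echo "not an IPv4 host address: $ip" >&2; return 1; }
    ranges="${ranges:+$ranges,}$ip/32"
  done
  # No --target-tags or --target-service-accounts is set, so the rule applies
  # to every instance in oracle-vpc.
  echo "gcloud compute firewall-rules create allow-oracle-net-dbhosts" \
    "--network=oracle-vpc --direction=INGRESS --action=ALLOW" \
    "--rules=tcp:1521 --source-ranges=$ranges"
}

# Map a probe exit status to the table's outcomes.
classify_probe() {
  case "$1" in
    0)   echo "connected" ;;
    124) echo "timeout" ;;   # timeout(1) killed the probe: packets dropped
    *)   echo "refused" ;;   # connect failed fast: path open, no listener
  esac
}

# Probe host $1 port $2. Both are passed as arguments to the inner shell
# rather than spliced into its command string.
probe() {
  rc=0
  timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null || rc=$?
  classify_probe "$rc"
}

# Stage gate: 22 must connect; 1521 may be refused until the Grid listener exists.
stage_ok() {
  case "$1:$2" in 22:connected|1521:connected|1521:refused) return 0 ;; esac
  return 1
}
```

Run the printed command from a workstation where gcloud is configured, then call `stage_ok 1521 "$(probe <peer-ip> 1521)"` on each VM for each peer.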
Step 3: Configure hostname, DNS, and /etc/hosts
Configure hostname and DNS resolution on all three VMs so forward and reverse name resolution works for Oracle Net, the Data Guard Broker, and the Observer.
- Set the hostname and add /etc/hosts entries on all three hosts. Substitute the GCE internal IP addresses (visible in the Compute Engine → VM instances list, Internal IP column):

```
# Run on each VM, substituting the local short name (oracdb1, oracdb2, oradg-obs)
sudo hostnamectl set-hostname <this-host>.example.internal

# Run on every VM (same content)
sudo tee -a /etc/hosts >/dev/null <<EOF
# Oracle DG peers + FSFO Observer
<oracdb1-ip> oracdb1.example.internal oracdb1
<oracdb2-ip> oracdb2.example.internal oracdb2
<oradg-obs-ip> oradg-obs.example.internal oradg-obs
EOF
```

- Validate name resolution from each host:

```
ping -c 1 oracdb1 && ping -c 1 oracdb2 && ping -c 1 oradg-obs
```
Step 4: Prepare the OS on DB hosts only
Prepare the OS on oracdb1 and oracdb2 for Oracle Database 26ai by installing the preinstall package, creating users and groups, installing iSCSI and multipath packages, and configuring the iSCSI initiator. Observer setup is covered in Step 4: Install Oracle Instant Client on the Observer host.
Prerequisite: Outbound HTTPS to
- Install the Oracle Database preinstall package, create the grid user and ASM groups, and add the oracle user to ASM groups:

```
# Oracle 26ai preinstall (package name varies by repo)
sudo dnf install -y oracle-ai-database-preinstall-26ai \
  || sudo dnf install -y oracle-database-preinstall-26ai \
  || sudo dnf install -y oracle-database-preinstall-23ai

# grid user + asm groups
sudo groupadd -g 54327 asmadmin; sudo groupadd -g 54328 asmdba; sudo groupadd -g 54329 asmoper
sudo useradd -u 54322 -g oinstall -G dba,oper,asmadmin,asmdba,asmoper grid
sudo passwd -l grid; sudo passwd -l oracle
sudo usermod -a -G asmdba,asmadmin oracle
```

- Install iSCSI, multipath, and JDK packages, then verify THP and time synchronization:

```
sudo dnf install -y iscsi-initiator-utils device-mapper-multipath sg3_utils \
  java-21-openjdk-headless libxcrypt-compat

# THP and time
cat /sys/kernel/mm/transparent_hugepage/enabled   # expect [never]
timedatectl
chronyc tracking
```

- Configure SELinux, firewall, and iSCSI initiator settings, then reboot:

Security posture (OL 10): The commands below set SELinux to permissive and disable firewalld. This is a minimal lab posture only. For hardened SELinux and firewall configuration, consult your organization's security baseline.

```
sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
sudo systemctl disable --now firewalld

sudo cp -n /etc/iscsi/iscsid.conf /etc/iscsi/iscsid.conf.orig
sudo sed -i '/^[#[:space:]]*node\.session\.timeo\.replacement_timeout/d' /etc/iscsi/iscsid.conf
echo "node.session.timeo.replacement_timeout = 120" | sudo tee -a /etc/iscsi/iscsid.conf
sudo systemctl enable --now iscsid

sudo reboot
```
Step 5: Capture the iSCSI initiator name IQN
Capture the iSCSI initiator name (IQN) from each database host after the reboot. You will use these IQNs to create the GCNV host groups in Step 2: Create the host groups.
- Capture the IQN from oracdb1 and record it:

```
sudo cat /etc/iscsi/initiatorname.iscsi
# InitiatorName=iqn.1994-05.com.redhat:abc123def456
```

- Repeat on oracdb2 and record its IQN. Use one host group per host so a single host's reboot or IQN regeneration cannot affect another host's GCNV iSCSI volume visibility.

Cloned VMs: If both hosts share the same IQN, regenerate on oracdb2 (stop iscsi, clear /var/lib/iscsi/nodes/*, new InitiatorName in /etc/iscsi/initiatorname.iscsi, restart iscsid).
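A check for the cloned-VM case before the IQNs are entered into host groups, added here as an example and not part of the original procedure: it reads one `<host> <initiatorname.iscsi line>` record per host, rejects malformed names, and reports any IQN recorded for more than one host. The function names and input layout are hypothetical, the sample records are constructed, and names are compared in lower case as a choice of this example.

```shell
# Added example. Input lines: "<host> <line from /etc/iscsi/initiatorname.iscsi>".

# Constructed sample: a cloned pair that still shares one IQN.
sample_captures() {
  cat <<'EOF'
oracdb1 InitiatorName=iqn.1994-05.com.redhat:abc123def456
oracdb2 InitiatorName=iqn.1994-05.com.redhat:abc123def456
EOF
}

# Reads captures on stdin, prints one finding per problem, returns 1 if any.
check_iqns() {
  awk '
    {
      host = $1
      iqn = tolower($2)                      # compare names case-insensitively
      # Expect "InitiatorName=iqn.<yyyy-mm>.<naming-authority>[:<unique>]".
      if (sub(/^initiatorname=/, "", iqn) != 1 ||
          iqn !~ /^iqn\.[0-9][0-9][0-9][0-9]-[0-9][0-9]\.[a-z0-9.-]+(:.+)?$/) {
        printf "MALFORMED %s %s\n", host, $2
        bad = 1
        next
      }
      if (iqn in seen) {
        # Same initiator name on two hosts: regenerate it on the clone.
        printf "DUPLICATE %s %s (also on %s)\n", host, iqn, seen[iqn]
        bad = 1
      } else {
        seen[iqn] = host
      }
    }
    END { exit bad + 0 }
  '
}
```

Feed it the recorded values, for example `sample_captures | check_iqns`, and create the GCNV host groups only once it returns 0.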
What's next?
To provide shared storage for Oracle binaries and ASM disk groups, go to Provision Google Cloud NetApp Volumes iSCSI pools, host groups, and volumes.