
Provision Google Compute Engine instances for Google Cloud NetApp Volumes

Contributors netapp-jsnyder

Provision Google Compute Engine virtual machines to host Oracle Database 26ai on Google Cloud NetApp Volumes iSCSI storage. This procedure covers creating the primary and standby database hosts and the Fast-Start Failover Observer VM, configuring VPC firewall rules for Oracle Net, setting up hostname resolution, preparing the OS, and capturing iSCSI initiator names for GCNV storage provisioning.

Step 1: Create the VMs

Create three Google Compute Engine VMs in different zones of the same region for zonal failure isolation. Use the Cloud Console, gcloud, Terraform, or your standard provisioning workflow.

  1. Create the three VMs with the specifications shown in the table below.

    Prefer a lower-carbon region for TCO and sustainability where it meets latency and compliance needs (for example us-west1 vs us-central1):

    | VM | Zone | Machine type | Boot disk | Network | Purpose |
    |---|---|---|---|---|---|
    | oracdb1 | us-west1-a | n4-highmem-8 (sample) or c4-standard-* | OL 10, 50 GB Hyperdisk Balanced (OS only) | oracle-vpc / oracle-subnet, gVNIC | Primary DB |
    | oracdb2 | us-west1-b | Same as primary | OL 10, 50 GB Hyperdisk Balanced (OS only) | Same | Standby DB |
    | oradg-obs | us-west1-c | e2-medium | OL 10, 20 GB Hyperdisk Balanced | Same | FSFO Observer (Instant Client only) |

    Use Premium network tier when latency or egress (>~200 GiB/month) matters; use Standard for lower TCO in dev/test.

  2. Enable Shielded VM features and verify the boot disk configuration:

    Enable Secure Boot, vTPM, and Integrity Monitoring on all three VMs.

    The boot disk holds the OS only. /u01, Grid/DB homes, staging, and all ASM data use GCNV iSCSI volumes (see Provision GCNV iSCSI volumes).

    Do not attach a separate GCE data disk for /u01.

Step 2: Configure VPC firewall for TCP 1521

Create VPC firewall rules to allow TCP/1521 between all three VMs for Oracle Net redo transport and Observer connectivity. Missing rules break Data Guard replication.

  1. Create a VPC firewall ingress rule to allow TCP/1521 between all three VM internal IPs. Use VPC firewall rules or Firewall Policies with the same allowlist:

    Cloud Console: VPC network → Firewall → Create rule allow-oracle-net-dbhosts on oracle-vpc — Ingress, Allow, sources = three /32 IPs, TCP 1521. Mirror egress if required.

  2. Validate connectivity from each VM to verify the firewall rules are in place:

    sudo dnf install -y nmap-ncat
    
    for tgt in <oracdb1-ip> <oracdb2-ip> <oradg-obs-ip>; do
      nc -zv -w 5 "$tgt" 22
      nc -zv -w 5 "$tgt" 1521
    done

    | Port | Expected | Meaning |
    |---|---|---|
    | 22 | Connected | SSH path works |
    | 1521 | Connection refused | Firewall open; Grid listener starts during Step 1: Install Oracle Grid Infrastructure (Oracle Restart) on each DB host |
    | Either | Timeout | Fix firewall or routing |

    Run from all three VMs toward each peer IP.
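
The probe loop above only prints raw ncat output. As an added example (not part of the original NetApp procedure), the functions below map each result to the verdicts in the table and return a non-zero status when any path needs fixing. The function names and verdict strings are made up for this example, the ncat message wording ("Connected to", "Connection refused", "TIMEOUT") is assumed from nmap-ncat, and treating a successful connect on 1521 as acceptable (listener already running) goes one case beyond the table.

```bash
# Added example: classify ncat probe output using the expected-results table.
# Assumption: nmap-ncat prints "Connected to", "Connection refused" or "TIMEOUT".

# classify_probe PORT "NCAT_OUTPUT" -> prints one verdict
classify_probe() {
  cp_out=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  case "$cp_out" in
    *timeout*|*"timed out"*) echo "FAIL:fix-firewall-or-routing" ;;
    *"connection refused"*)
      # Per the table, refused on 1521 means the firewall is open and no listener runs yet.
      if [ "$1" = 1521 ]; then echo "OK:firewall-open-no-listener-yet"
      else echo "FAIL:port-reachable-but-closed"; fi ;;
    *"connected to"*)
      if [ "$1" = 1521 ]; then echo "OK:listener-already-up"
      else echo "OK:ssh-path-works"; fi ;;
    *) echo "UNKNOWN:inspect-output" ;;
  esac
}

# probe_peers IP... -> runs the page's probes; returns 1 if any verdict is not OK
probe_peers() {
  pp_rc=0
  for pp_tgt in "$@"; do
    for pp_port in 22 1521; do
      pp_out=$(nc -zv -w 5 "$pp_tgt" "$pp_port" 2>&1) || true
      pp_verdict=$(classify_probe "$pp_port" "$pp_out")
      printf '%-16s %-5s %s\n' "$pp_tgt" "$pp_port" "$pp_verdict"
      case "$pp_verdict" in OK:*) ;; *) pp_rc=1 ;; esac
    done
  done
  return "$pp_rc"
}

# Offline demonstration on constructed ncat output (not captured from a real host).
classify_probe 22   'Ncat: Connected to 10.0.0.11:22.'
classify_probe 1521 'Ncat: Connection refused.'
classify_probe 1521 'Ncat: TIMEOUT.'
# On a real VM: probe_peers <oracdb1-ip> <oracdb2-ip> <oradg-obs-ip>
```
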

Step 3: Configure hostname, DNS, and /etc/hosts

Configure hostname and DNS resolution on all three VMs so forward and reverse name resolution works for Oracle Net, the Data Guard Broker, and the Observer.

  1. Set the hostname and add /etc/hosts entries on all three hosts. Substitute the GCE internal IP addresses (visible in the Compute Engine → VM instances list, Internal IP column):

    # Run on each VM, substituting the local short name (oracdb1, oracdb2, oradg-obs)
    sudo hostnamectl set-hostname <this-host>.example.internal
    
    # Run on every VM (same content)
    sudo tee -a /etc/hosts >/dev/null <<EOF
    
    # Oracle DG peers + FSFO Observer
    <oracdb1-ip>    oracdb1.example.internal    oracdb1
    <oracdb2-ip>    oracdb2.example.internal    oracdb2
    <oradg-obs-ip>  oradg-obs.example.internal  oradg-obs
    EOF

  2. Validate name resolution from each host:

    ping -c 1 oracdb1 && ping -c 1 oracdb2 && ping -c 1 oradg-obs

Step 4: Prepare the OS on DB hosts only

Prepare the OS on oracdb1 and oracdb2 for Oracle Database 26ai by installing the preinstall package, creating users and groups, installing iSCSI and multipath packages, and configuring the iSCSI initiator. Observer setup is covered in Step 4: Install Oracle Instant Client on the Observer host.

Note

Prerequisite: Outbound HTTPS to yum.oracle.com (Cloud NAT or internal mirror on private subnets).

  1. Install the Oracle Database preinstall package, create the grid user and ASM groups, and add the oracle user to ASM groups:

    # Oracle 26ai preinstall (package name varies by repo)
    sudo dnf install -y oracle-ai-database-preinstall-26ai \
      || sudo dnf install -y oracle-database-preinstall-26ai \
      || sudo dnf install -y oracle-database-preinstall-23ai
    
    # grid user + asm groups
    sudo groupadd -g 54327 asmadmin; sudo groupadd -g 54328 asmdba; sudo groupadd -g 54329 asmoper
    sudo useradd -u 54322 -g oinstall -G dba,oper,asmadmin,asmdba,asmoper grid
    sudo passwd -l grid; sudo passwd -l oracle
    sudo usermod -a -G asmdba,asmadmin oracle

  2. Install iSCSI, multipath, and JDK packages, then verify THP and time synchronization:

    sudo dnf install -y iscsi-initiator-utils device-mapper-multipath sg3_utils \
      java-21-openjdk-headless libxcrypt-compat
    
    # THP and time
    cat /sys/kernel/mm/transparent_hugepage/enabled   # expect [never]
    timedatectl
    chronyc tracking

  3. Configure SELinux, firewall, and iSCSI initiator settings, then reboot:

    Note

    Security posture (OL 10): The commands below set SELinux to permissive and disable firewalld. This is a minimal lab posture only. For hardened SELinux and firewall configuration, consult your organization's security baseline.

    sudo setenforce 0
    sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
    sudo systemctl disable --now firewalld
    
    sudo cp -n /etc/iscsi/iscsid.conf /etc/iscsi/iscsid.conf.orig
    sudo sed -i '/^[#[:space:]]*node\.session\.timeo\.replacement_timeout/d' /etc/iscsi/iscsid.conf
    echo "node.session.timeo.replacement_timeout = 120" | sudo tee -a /etc/iscsi/iscsid.conf
    sudo systemctl enable --now iscsid
    
    sudo reboot

Step 5: Capture the iSCSI initiator name (IQN)

Capture the iSCSI initiator name (IQN) from each database host after the reboot. You will use these IQNs to create the GCNV host groups in Step 2: Create the host groups.

  1. Capture the IQN from oracdb1 and record it:

    sudo cat /etc/iscsi/initiatorname.iscsi
    # InitiatorName=iqn.1994-05.com.redhat:abc123def456

  2. Repeat on oracdb2 and record its IQN. Use one host group per host so a single host's reboot or IQN regeneration cannot affect another host's GCNV iSCSI volume visibility:

    Note

    Cloned VMs: If both hosts share the same IQN, regenerate on oracdb2 (stop iscsi, clear /var/lib/iscsi/nodes/*, new InitiatorName in /etc/iscsi/initiatorname.iscsi, restart iscsid).
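
Before creating the host groups, the two recorded IQNs can be checked for the cloned-VM case described in the note. The following is an added example, not part of the original NetApp procedure: it reads a copy of each host's initiatorname.iscsi, validates the IQN syntax, and flags a duplicate. The function names, file names and sample values are assumptions made for this example.

```bash
# Added example: confirm two captured initiatorname.iscsi files carry valid, distinct IQNs.
# Function names and the sample values below are assumptions made for this example.

# iqn_of FILE -> prints the InitiatorName value, skipping commented-out lines
iqn_of() {
  sed -n 's/^[[:space:]]*InitiatorName[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" | head -n 1
}

# iqn_valid IQN -> status 0 if it matches iqn.YYYY-MM.<reversed-domain>[:<id>]
iqn_valid() {
  printf '%s\n' "$1" |
    grep -Eq '^iqn\.[0-9]{4}-(0[1-9]|1[0-2])\.[a-z0-9][a-z0-9.-]*(:[^[:space:]]+)?$'
}

# check_iqns FILE_A FILE_B -> 0 valid and distinct, 1 duplicate (cloned VM), 2 missing/malformed
check_iqns() {
  ci_a=$(iqn_of "$1"); ci_b=$(iqn_of "$2")
  for ci_v in "$ci_a" "$ci_b"; do
    iqn_valid "$ci_v" || { echo "MALFORMED: '$ci_v'"; return 2; }
  done
  if [ "$ci_a" = "$ci_b" ]; then
    echo "DUPLICATE: both hosts use $ci_a; regenerate on oracdb2"
    return 1
  fi
  echo "OK: $ci_a / $ci_b"
}

# Constructed sample files (made-up values) standing in for the two hosts' captures.
demo_dir=$(mktemp -d)
printf 'InitiatorName=iqn.1994-05.com.redhat:abc123def456\n' > "$demo_dir/oracdb1"
printf '## cloned image\nInitiatorName=iqn.1994-05.com.redhat:abc123def456\n' > "$demo_dir/oracdb2"
check_iqns "$demo_dir/oracdb1" "$demo_dir/oracdb2" || echo "exit status $?"
rm -rf "$demo_dir"
```
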

What's next?

To provide shared storage for Oracle binaries and ASM disk groups, go to Provision Google Cloud NetApp Volumes iSCSI pools, host groups, and volumes.