Now that we finally have a complete complement of zero-cost Enterprise Linux 6.0 clones available, I thought it might be time to revisit the idea of building a very small, very lightweight Apache server using nothing but Centos (or Scientific Linux) 6.
My existing article on building such an Apache server uses Ubuntu as its base distro, because I know of nothing that has smaller minimum hardware requirements -but this is a bit annoying, because if you go on to use RHEL-clones for an Oracle server, you have to master both RPM-based and apt-get-based distros. Life would be a lot simpler if you could use the one distro for everything, wouldn’t it?
Well, that’s what I thought too, so here’s my recipe for Apache + PHP talking to an Oracle database with the entire software stack running on two virtual machines running Centos 6 or Scientific Linux 6.
Creating the Server
I won’t detail the actual construction of a suitable web-server-capable virtual machine or the installation of its operating system here. The Ubuntu-based article I mentioned before does that quite adequately, I think. There are a couple of Centos/Scientific-specific issues that arise, though.
First thing to note, then, is that you can’t install Centos 6 (or Scientific Linux 6) in a virtual machine that’s configured with less than 512MB of memory. You can run Centos 6 in just 128MB, but the installer will bomb out at those sorts of RAM allocations. So the basic rule is: install your OS when your VM has 512MB then shut the thing down, reduce the allocated RAM, and re-start.
Second, you only need the 32-bit version of Centos or Scientific: 64-bits for running a trivial web server are completely unnecessary. (Note that the Centos link there has been altered since this article was first written to point to the version 6.1 isos, since version 6.0 is no longer made generally available).
Third, if you’re using Scientific Linux, you’ll have to select to perform a minimal install. If you’re using Centos, that is the default option anyway.
Fourth: once the O/S is installed, make sure the network itself is working (see my last post on how to do this). It won’t be by default, so you need to edit the /etc/sysconfig/network-scripts/ifcfg-eth0 script to make it function properly.
Additionally, and very importantly, you should disable SELinux by editing the /etc/sysconfig/selinux configuration file. By default, it will have a line that says SELINUX=enforcing. Change that to read SELINUX=disabled. You can’t get PHP talking to an Oracle database without doing this. Reboot to make the change take effect.
Finally, the commands you want to install the relevant Apache/PHP software bits and pieces are:
yum -y install httpd php nano unzip make yum -y install gcc wget openssh php-devel php-pear libaio
The ‘httpd’ bit is the name for the Apache package itself; the other bits and pieces allow Apache to serve up something useful later on!
Configuring the Server
You first need to start the Apache service:
service httpd start
If you ever need to re-start the service (to pick up configuration changes, etc), the command is:
service httpd restart
To make the Apache bits start automatically at every reboot, issue this command:
chkconfig --level 23 httpd on
By default, despite having done all of the above, you won’t be able to connect to your new server from a remote browser: Centos/Scientific slap a firewall on that blocks access. You can completely disable the firewall with the command:
service iptables stop
That only works per re-boot, though, so to switch the firewall off completely, use this:
chkconfig iptables off
The more subtle approach, of course, would be to reconfigure the firewall to allow http traffic through -but that’s beyond the scope of this article and, in any case, I don’t need a firewall when I’m connecting one internal VM to another, so it’s probably overkill at this stage. If you insist on this approach, however, the advice given here would seem useful.
You’ll now be in a position to check that everything is working fine, provided you know your web server’s IP address. Assuming it’s 192.168.0.37 for the moment, then visiting http://192.168.0.37 in a remote browser should net you some sort of “it’s working” page (the Centos version is quite elaborate and is entitled “Apache 2 Test Page”; Scientific’s equivalent is a barebones “it works!” message).
You’ll also need to check that PHP is working OK, and for that I suggest you create a file called phpdata.php in the /var/www/html directory containing the following:
<?php phpinfo(); ?>
…which is just the code needed to display PHP’s configuration data. Then you can visit http://192.168.0.37/phpdata.php and you should see this sort of result:
Connecting the Server to an Oracle database
Installing OCI8 so that you can connect to Oracle via Apache is pretty much the same process as for Ubuntu:
Copy both the instantclient-basic and instantclient-sdk packages (available from the OTN website) to /var/www/html using something like Filezilla. As root, unzip both packages and create a necessary symbolic link:
cd /var/www/html unzip instantclient-basic-linux32-11.2.0.2.0.zip unzip instantclient-sdk-linux32-11.2.0.2.0.zip cd instantclient_11_2 ln -s libclntsh.so.11.1 libclntsh.so
Download the relevant OCI8 library (the version numbers are specific, so check http://pecl.php.net/package/oci8 to make sure you get the latest):
cd /var/www/html wget http://pecl.php.net/get/oci8-1.4.5.tgz
Install that new download:
pecl install oci8-1.4.5.tgz
This last command will prompt you to specify “the path to the ORACLE_HOME directory…”. At this point, you type in the following:
instantclient,/var/www/html/instantclient_11_2
…which tells the installer (a) that you’re using the instant client and not a full-blown Oracle client; and (b) that the path to the instant client files is /var/www/html/instantclient_11_2. Note that there are no spaces in any of that lot: just a comma separates the two components.
Finish off with some final configuration steps:
echo extension=oci8.so >> /etc/php.d/oci8.ini echo /var/www/html/instantclient_11_2 >> /etc/ld.so.conf ldconfig echo ORACLE_HOME=/var/www/html/instantclient_11_2 >> /etc/profile export ORACLE_HOME=/var/www/html/instantclient_11_2 service httpd restart
When you now visit your web server’s phpdata.php URL, you should see an OCI8 section appear in the PHP configuration information display.
After that, it should be relatively plain sailing: you just need to create a file which explains how to connect to an Oracle database and fetch some data. I suggest you create a file called oracle.php in the /var/www/html directory, containing this:
<?php
$myselect = "select * from scott.emp";
$oraconn = oci_connect('system', 'password', '//192.168.0.145/lindb');
$doquery = OCIparse($oraconn, $myselect) or die("Couldn't parse statement.");
OCIexecute($doquery) or die("Couldn't execute statement.");
while (OCIfetch($doquery))
{$surname = OCIresult($doquery, ENAME);
$salval = OCIresult($doquery, SAL);
print '<b>'.$surname.'</b> '.$salval.'<br>';
}
?>
That assumes my Oracle server is running at IP address 192.168.0.145; that my SYSTEM password is “password” (which would be extremely dumb if true!); and that I’ve got the SCOTT schema created within that database containing ye olde EMP table. If you now visit the URL http://192.168.0.37/oracle.php, you should get 14 rows returned in your web browser.
Very interesting article, congratulations. Do you mind sharing the details on why SELinux didn’t play well with PHP/Oracle?
Good question. It’s 5.30AM here…. give me a few hours and I’ll write up a considered reply!
OK, time for the (slightly) more considered reply!
Basically, OCI8 will not play nice with a default, enforced SELinux. Permission to do what OCI8 needs to do will be denied and the connection to the database will never succeed as a result. See things like this OTN thread or this Old Nabble thread –see especially the end of that last link, which reads in part “5.2 Error While Loading Shared Library When SELinux is Enforcing on Oracle Enterprise Linux 5.0 and Red Hat Enterprise Linux 5.0″, which is a quote from Oracle’s own documentation. Obviously, that relates more specifically to running a *database* with SELinux enabled, but it also happens to apply to running just OCI8.
Naturally, there are workarounds. If you know SELinux well (I don’t), I dare say you can construct policies and contexts which let OCI8 do what it needs to do. One such workaround is mentioned in that second link I mentioned above (use “audit2allow” to get SELinux happy, basically). I haven’t tried any of those things personally. You could also, of course, run in “permissive” mode rather than in “enforced”. Personally, if I’m going to go ‘permissive’, I prefer to go all the way to ‘disabled’, but I guess other people might make different choices in that regard. I might not do so in a production environment, however!
Thanks for the pointers, seems like OCI8 uses some memory tricks. I don’t know much on SELinux but from what I see you need to run httpd on uncontained domain (httpd_disable_trans) and allow execute code on the memory heap (allow_execheap). Sounds like no reason to keep SELinux enabled at all as you suggested. Besides if you want a supported environment it is a good idea to follow the vendor documentation anyway. Thanks again for the time to answer the question.
dizwell, you are a wizard!. i have migrated from Centos 5X to this newer version. i was battling to find my way around. Thank you so much for you excellent help. I can now see me web server again.
Pingback: Installing Apache on centos 6 | DIASPAR WAS NOT ALWAYS THUS
Mr. Dizwell, thanks a lot for helping me with “chkconfig iptables off”! three days full work and tension came to and end finally after using ur cmd! thnks a lot!
You are the only website to mention service iptables stop! Thank you, solved my problem!
Hello,
Thanks for this article !
When i use “pecl install oci8-1.4.5.tgz” it finish with :
checking Oracle ORACLE_HOME install directory… /var/www/html/instantclient_11_2
checking ORACLE_HOME library validity… configure: error: Expected an ORACLE_HOME top level directory but /var/www/html/instantclient_11_2 appears to be an Instant Client directory. Try –with-oci8=instantclient,/var/www/html/instantclient_11_2
ERROR: `/var/tmp/oci8/configure –with-oci8′ failed
Any idea ?
Thanks
Well, when I did that install, I got to specify that I was using the instantclient by typing it in. (Remember, from the article, that “[the pecl installation] will prompt you to specify “the path to the ORACLE_HOME directory…”. At this point, you type in the following: instantclient,/var/www/html/instantclient_11_2″).
Which is, of course, what your error message is telling you, too.
Make sure there are no spaces between “instantclient” and the command and the “/var/www….” bit, too.
Otherwise, I don’t have much to suggest: you will definitely get errors with the instant client unless you specifically mention you’re using it and not a full-blown client installation, but I was always allowed to type in that bit of information. Are you not being prompted?
Hello,
Thank you for the answer, i solved this problem by entering manualy the path to instant client ! But another error appear :
/usr/bin/ld: skipping incompatible /var/www/html/instantclient_11_2/libclntsh.so when searching for -l clntsh
/usr/bin/ld: cannot find -lclntsh
collect2: ld returned 1 exit status
make: *** [oci8.la] Error 1
ERROR: `make’ failed
I have check that the symbolic link is ok :
libclntsh.so -> libclntsh.so.11.1
I don’t understand why i get this error.
Neither do I, really: bit difficult to diagnose remotely. It looks like what happens when you haven’t created the symbolic link correctly, although you rule that out (just check, to make 100% sure). The other thing that might do it is if you’ve downloaded a later version of the Instant client packages: I used 11.2.0.2, and it’s possible you’ve downloaded 11.2.0.3. I haven’t done 11.2.0.3 yet, so can’t tell you the workarounds if that happens to be the issue.
Hello,
I use the 11.2.0.3 instant client. I have resolved the problem by using the full oracle client (with installer). And it works fine !
Just one thing, i have disabled the se linux. When he was active, i have a error message in the httpd log that say he could’nt load the oci8 extension.
Thank for your article, it’s clear and very useful !
Well, there you go… the article does actually specify the use of the 11.2.0.2 instant client. These things will happen when you start altering the components involved, I’m afraid. It is possible that if you’d also upgraded to using the oci-1.4.7 tarball, instead of the 1.4.5 version mentioned in the article, that you’d then the 11.2.0.3 instant client you had decided to use would have worked. (Haven’t tested that, though -but the changelog for version 1.4.7 indicates that it works with 11.2.0.3).
Anyway, in case anyone else gets confused: the article is describing how to get the 11.2.0.2 instant client working with oci-1.4.5. Vary either of those component versions, and things will not work as described, though vary both of them to their latest versions and they probably will.
Also: your point about needing to disable SELinux is specifically mentioned in the original article (ninth paragraph). And then again explained in the third comment on this post (July 27th 2011, so about a year ago).
Thanks..The steps outlined by you for apache configuration worked smoothly for me.
Thanks – I couldn’t figure out why I couldn’t reach my newly set up apache server.. until I saw your post and realised CentOS enables iptables by default… spot on.
Awesome article dude. The format is perfect, easy to follow, and yeah, as some others mentioned, you included a crucial piece of info after setting it all up: Disable Iptables!!
When I install on 64 bit CenOS (6.3) only by applying 64 bit client which is working? Please correct me if I am wrong..?? Thank you for helping.
Hi there: I’m sorry. I don’t understand your question, so I can’t answer it. WOuld you like to try again with different words?