一.1.1 如何修复11.2 Grid权限误操作
关于Oracle GRID HOME文件目录的权限问题
① chown -R 误操作了,将整个/u01/app的权限修过了如何恢复?
② 删除了$GRID_HOME/log文件夹下的所有内容,集群不能启动,如何恢复?
使用chown -R 误操作了,将整个/u01/app的权限修过了,导致grid无法启动。,搜了下mos发现了一篇文档:Tips for checking file permissions on GRID environment(ID 1931142.1)
该文档中描述到,$GRID_HOME/crs/utl下面的几个文件中记录了整个GRID_HOME下面的文件和目录的相关权限。
Check the permissions from the following 2 files which are created during Grid Infrastructure installation.
In $GRID_HOME/crs/utl (for 11.2 and 12.1.0.1) and <GRID_HOME>/crs/utl/<hostname> (for 12.1.0.2) directory:
crsconfig_dirs :which has all directories listed in <GRID_HOME> and their permissions
crsconfig_fileperms :which has list of files and their permissions and locations in <GRID_HOME>.
我们来看下是否是这样的,cd $ORACLE_HOME/crs/utl:
[root@rac2 bin]# cd /home/grid/app/11.2/grid/crs/utl
[root@rac2 utl]# ls -ltr
total 324
-rw-r–r– 1 root root 1128 Aug 11 09:48 usrvip
-rw-r–r– 1 root root 8437 Aug 11 09:48 srvctl
……
-rw-r–r– 1 root root 12102 Aug 11 09:48 crsconfig_files
-rw-r–r– 1 root root 13468 Aug 11 09:48 crsconfig_fileperms
-rw-r–r– 1 root root 8666 Aug 11 09:48crsconfig_dirs
-rw-r–r– 1 root root 699 Aug 11 09:48 crfsetenv
-rw-r–r– 1 root root 1280 Aug 11 09:48 cmdllroot.sh
-rw-r–r– 1 root root 3680 Aug 11 09:48 cluutil
-rw-r–r– 1 root root 1648 Aug 11 09:48 clsrwrap
-rw-r–r– 1 root root 540 Aug 11 09:48 appvipcfg
[zfzhlhrdb1:grid]:/oracle/app/11.2.0/grid/crs/utl>more crsconfig_dirs
# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
# The values in each line use the following format:
#
# OSLIST DIRNAME OWNER GROUP CLOSED-PERMS OPEN-PERMS
#
# Note:
# 1) OSLIST is a comma-separated list of platforms on which the directory
# needs to be created. 'all' indicates that the directory needs to be
# created on every platform. OSLIST MUST NOT contain whitespace.
# 2) Permissions need to be specified AS OCTAL NUMBERS. If permissions are
# not specified, default (umask) values will be used.
#
# TBD: OPEN-PERMS need to be added for each dir
all /oracle/app/11.2.0/grid/cdata grid dba 0775
all /oracle/app/11.2.0/grid/cdata/zfzhlhrdb-crs grid dba 0775
all /oracle/app/11.2.0/grid/cfgtoollogs grid dba 0775
all /oracle/app/11.2.0/grid/cfgtoollogs/crsconfig grid dba 0775
all /oracle/app/11.2.0/grid/log grid dba 0775
.............................................
unix /etc/oracle/olr.loc root dba 0644
unix /etc/oracle/ocr.loc root dba 0644
[zfzhlhrdb1:grid]:/oracle/app/11.2.0/grid/crs/utl>
我们可以看到,确实是这样,crsconfig_dirs里面记录所有$GRID_HOME相关目录的权限。crsconfig_fileperms中记录了文件的权限.
一.1.1.1 校验权限
我们可以通过命令来校验:Validate the <GRID_HOME> by using cluvfy tool.
$ cluvfy comp software -n all -verbose
[zfzhlhrdb1:grid]:/home/grid>cluvfy comp software -n all -verbose
Verifying software
Check: Software
Component: crs
Node Name: zfzhlhrdb2
/oracle/app/11.2.0/grid/bin/racgeut..."Permissions" did not match reference
Permissions of file "/oracle/app/11.2.0/grid/bin/racgeut" did not match the expected value. [Expected = "0755" ; Found = "0775"]
/oracle/app/11.2.0/grid/bin/racgmain..."Permissions" did not match reference
Permissions of file "/oracle/app/11.2.0/grid/bin/racgmain" did not match th...............................
/oracle/app/11.2.0/grid/clone/rootpre/ORCLcluster/lib/libskgxnr.a...No such file or directory
1227 files verified
Software check failed
Verification of software was unsuccessful on all the specified nodes.
一.1.1.2 解决
所以要解决这个问题其实并不难,我们大致可以通过如下几种方法来解决:
1. 根据前面的几个权限配置脚本自己参考进行修改,实际上并不难,直接UE编辑就很快搞定.
2. 根据Mos文档提供的建议通过 $GRID_HOME/crs/install/rootcrs.pl -init 或 roothas.pl -init进行解决. rootcrs.pl –init是在PSU>11.2.0.3.6下执行的,如果PSU<11.2.0.3.6可以执行如下两条命令来实现同样的效果
<GRID_HOME>/crs/install/rootcrs.pl -unlock
<GRID_HOME>/crs/install/rootcrs.pl -patch
For 11.2:
For clustered Grid Infrastructure, as root user
# cd <GRID_HOME>/crs/install/
# ./rootcrs.pl -init
For Standalone Grid Infrastructure, as root user
# cd <GRID_HOME>/crs/install/
# ./roothas.pl -init
For 12c:
For clustered Grid Infrastructure, as root user
# cd <GRID_HOME>/crs/install/
# ./rootcrs.sh -init
For Standalone Grid Infrastructure, as root user
# cd <GRID_HOME>/crs/install/
# ./roothas.sh -init
3.采用MOS1515018.1文档提供的脚本在正常库上生成脚本,然后将生成的脚本在异常库上执行从而来修复权限问题(应该和方法2结合使用)。
4. 11gR2可以deconfig crs的配置,然后重新跑root.sh即可。重新跑root.sh脚本并不影响数据库,所以无需担心(个人推荐的一种方式).
$ORACLE_HOME/crs/install/rootcrs.pl -deconfig -force -verbose
$ORACLE_HOME/root.sh
5. 如果是rac的某个节点的误操作,那么还可以通过delete node然后add node来做,不过这个相对麻烦太多了,但是或许是最保险的一种方式。oracle也推荐这样,因为你如果人为修改文件权限,很难保证以后运行过程中不会出现什么问题。
补充:
Linux环境中还可以通过getfacl和setfacl来进行操作,如下是例子:
1) getfacl /home/grid/app/11.2/grid > dir_privs.txt
2) set –restore dir_privs.txt
总结:
在安装有GI的环境下,权限、属主是严格被设定的,任何对于它们的错误修改容易引发一系列的问题,而且这些问题往往都很诡异很难按照常规的思路去诊断。万一权限或属主被修改了可以通过rootcrs.pl -init及permission.pl进行修复,rootcrs.pl –init仅修复GI的核心目录,所以其修复速度较快,如果遇到GI无法启动的问题,建议首选这种方法以使GI能够快速启动,但其缺点在于无法全量的进行修复,GI虽然正常了,并不能保证之后的运行过程中不出现这样那样的问题,这时就需要permission.pl出场了,permission.pl的运行模式决定了源库(权限正确的库)与目标库(权限错误的库)间的软件版本尽可能的一致,所以源库一定要选好,否则问题会更糟,另外如果源、目标两个库的安装目录不一样还需要对permission*脚本作调整后再执行。
所以个人建议还是跑root.sh来的稳妥一点。
一.1.1.3 MOS 1515018.1 permission.pl脚本的使用
chmod 755 permission.pl
oracle用户获取ORACLE_HOME: ./permission.pl $ORACLE_HOME
root用户获取GRID_HOME: ./permission.pl $ORACLE_HOME
Script generates two files
a. permission-<time stamp> - This contains file permission in octal value, owner and group information of the files captured
b. restore-perm-<time stamp>.cmd - This contains command to change the permission, owner, and group of the captured files
拷贝到目标主机后分别执行:
chmod 755 restore-perm-<timestamp>.cmd
./restore-perm-<timestamp>.cmd
一.1.2 如何修复ASM实例名和节点名不一致的情况
对于10g的情况,我们可以参考Dave大神的blog:RAC修改ASM实例名的步骤
对于11g的情况,我们只能重新执行root.sh脚本来修复这个问题。
一.1.3 如何彻底清除CRS信息
[ZFTPCCDB1:root]:/>$ORACLE_HOME/crs/install/rootcrs.pl -h
Unknown option: h
Usage:
rootcrs.pl [-verbose] [-upgrade [-force] | -patch]
[-paramfile <parameter-file>]
[-deconfig [-deinstall] [-keepdg] | -downgrade] [-force] [-lastnode]
[-downgrade] [-oldcrshome <old crshome path>] [-version <old crs version>]
[-unlock [-crshome <path to crs home>] [-nocrsstop]]
Options:
-verbose Run this script in verbose mode
-upgrade Oracle HA is being upgraded from previous version
-patch Oracle HA is being upgraded to a patch version
-paramfile Complete path of file specifying HA parameter values
-lastnode Force the node this is executing on to be considered the
last node of the install and perform actions associated
with configuring the last node
-downgrade Downgrade the clusterware
-version For use with downgrade; special handling is required if
downgrading to 9i. This is the old crs version in the format
A.B.C.D.E (e.g 11.1.0.6.0).
-deconfig Remove Oracle Clusterware to allow it to be uninstalled or reinstalled.
-force Force the execution of steps in delete that cannot be verified
to be safe
-deinstall Reset the permissions on CRS home during de-configuration
-keepdg Keep existing diskgroups during de-configuration
-unlock Unlock CRS home
-crshome Complete path of crs home. Use with unlock option.
-oldcrshome For use with downgrade. Complete path of the old crs home.
-nocrsstop used with unlock option to reset permissions on an inactive grid home
If neither -upgrade nor -patch is supplied, a new install is performed
To see the full manpage for this program, execute:
perldoc rootcrs.pl
[ZFTPCCDB1:root]:/>
根据MOSHow to Proceed from Failed 11gR2 Grid Infrastructure (CRS) Installation (文档 ID 942166.1) 文档,若要重新执行root.sh脚本,我们可以如下操作:
在除最后一个节点外的所有节点执行:$ORACLE_HOME/crs/install/rootcrs.pl -deconfig -force -verbose
在最后一个节点执行:$ORACLE_HOME/crs/install/rootcrs.pl -deconfig -force -verbose -lastnode
重启OS后再执行:$ORACLE_HOME/root.sh
需要注意的一点是,我们在执行完$ORACLE_HOME/crs/install/rootcrs.pl -deconfig -force -verbose执成之后需要删除如下的文件:
ls -l $ORACLE_BASE/Clusterware/ckptGridHA*
find $ORACLE_HOME/gpnp/* -type f
find $ORACLE_HOME/gpnp/* -type f -exec rm -rf {} \;
其中(find $ORACLE_HOME/gpnp/* -type f)中的文件删除后,我们在重新执行root.sh的时候才会有如下的提示:
root wallet
root wallet cert
root cert export
peer wallet
profile reader wallet
pa wallet
peer wallet keys
pa wallet keys
peer cert request
pa cert request
peer cert
pa cert
peer root cert TP
profile reader root cert TP
pa root cert TP
peer pa cert TP
pa peer cert TP
profile reader pa cert TP
profile reader peer cert TP
peer user cert
pa user cert
About Me
..........................................................................................................................................................................................................
本文作者:小麦苗,只专注于数据库的技术,更注重技术的运用
本文在ITpub和博客园有同步更新
本文pdf版:http://yunpan.cn/cdEQedhCs2kFz )
于 2016-06-24 10:00~ 2016-07-04 19:00 在中行完成
【版权所有,文章允许转载,但须以链接方式注明源地址,否则追究法律责任】
..........................................................................................................................................................................................................
本文分享自微信公众号 - DB宝(lhrdba)。
如有侵权,请删除。