Oracle RAC 环境的权限是比较复杂的,如果误操作导致了相关目录或者文件权限不正确就会影响到GI的运行,比如常见的crsctl 资源显示为:UNKNOWN,或者通过srvctl 无法控制资源,只能通过SQL 命令来操作。
一般出现权限误修改的情况,只能通过相关的日志来分析,然后根据同版本的GI环境来对比,这种方法虽然可以解决问题,但是效率,也非常麻烦。
https://www.cndba.cn/cndba/dave/article/4393
对于Oracle 11.2.0.3.6+的版本,Oracle 提供了更简单的方法来修正GI的权限。
1 使用cluvfy工具验证GI权限
GRID_HOME 的权限问题,可以通过cluvfy工具来直接进行检查。 如下:
[root@www.cndba.cn ~]# su - grid
[grid@www.cndba.cn ~]$ cluvfy comp software -n all -verbose
Verifying software
Check: Software
934 files verified
Software check passed
Verification of software was successful.
[grid@www.cndba.cn ~]$
https://www.cndba.cn/cndba/dave/article/4393
https://www.cndba.cn/cndba/dave/article/4393
[grid@www.cndba.cn ~]$ cluvfy comp software -n all -verbose
Verifying software
WARNING:
These nodes cannot be reached:
rac2
Verification will proceed with nodes:
rac1
Check: Software
934 files verified
Software check passed
Verification of software was unsuccessful.
Checks did not pass for the following node(s):
rac2
[grid@www.cndba.cn ~]$
2 通过安装文件验证GI权限
在GI 的安装过程中,所有权限的目录都保存在如下2个文件中,可以通过查看这些文件来对比相关的权限。
crsconfig_dirs: 该文件记录了
中所有的目录及其对应的权限。
crsconfig_fileperms:该文件记录了
中所有文件清单及对应的权限。
在Oracle 11.2 和 12.1.0.1 版本中,权限文件保存在 $GRID_HOME/crs/utl 目录下。
在12.1.0.2 之后的版本,保存在
/crs/utl/
目录下。https://www.cndba.cn/cndba/dave/article/4393https://www.cndba.cn/cndba/dave/article/4393
[grid@www.cndba.cn utl]$ pwd
/u01/app/grid/11.2.0/crs/utl
[grid@www.cndba.cn utl]$ ls crsconfig_*
crsconfig_dirs crsconfig_fileperms crsconfig_files
[grid@www.cndba.cn utl]$ ll crsconfig_*
-rw-r--r--. 1 root root 8067 Jun 27 2013 crsconfig_dirs
-rw-r--r--. 1 root root 12586 Jun 27 2013 crsconfig_fileperms
-rw-r--r--. 1 root root 11218 Jun 27 2013 crsconfig_files
[grid@www.cndba.cn utl]$
[grid@www.cndba.cn utl]$ cat crsconfig_dirs
# Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
# The values in each line use the following format:
#
# OSLIST DIRNAME OWNER GROUP CLOSED-PERMS OPEN-PERMS
#
# Note:
# 1) OSLIST is a comma-separated list of platforms on which the directory
# needs to be created. 'all' indicates that the directory needs to be
# created on every platform. OSLIST MUST NOT contain whitespace.
# 2) Permissions need to be specified AS OCTAL NUMBERS. If permissions are
# not specified, default (umask) values will be used.
#
# TBD: OPEN-PERMS need to be added for each dir
all /u01/app/grid/11.2.0/cdata grid oinstall 0775
all /u01/app/grid/11.2.0/cdata/rac-cluster grid oinstall 0775
all /u01/app/grid/11.2.0/cfgtoollogs grid oinstall 0775
all /u01/app/grid/11.2.0/cfgtoollogs/crsconfig grid oinstall 0775
all /u01/app/grid/11.2.0/log grid oinstall 0775
all /u01/app/grid/11.2.0/log/rac1 root oinstall 01755
all /u01/app/grid/11.2.0/log/rac1/crsd root oinstall 0750
all /u01/app/grid/11.2.0/log/rac1/ctssd root oinstall 0750
all /u01/app/grid/11.2.0/log/rac1/evmd grid oinstall 0750
all /u01/app/grid/11.2.0/log/rac1/cssd grid oinstall 0750
all /u01/app/grid/11.2.0/log/rac1/mdnsd grid oinstall 0750
……
[grid@www.cndba.cn utl]$ cat crsconfig_fileperms|more
# Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
# The values in each line use the following format:
#
# OSLIST FILENAME OWNER GROUP PERMS
#
# Note:
# 1) OSLIST is a comma-separated list of platforms on which the file
# permissions need to be set. 'all' indicates that the directory needs
# to be created on every platform. OSLIST MUST NOT contain whitespace.
# 2) Permissions need to be specified AS OCTAL NUMBERS. If permissions
# are not specified, default (umask) values will be used.
# 3) The fields within each line of this file must be delimited by a single space
#
unix /u01/app/grid/11.2.0/log/rac1/alertrac1.log grid oinstall 0664
unix /u01/app/grid/11.2.0/bin/usrvip root oinstall 0755
unix /u01/app/grid/11.2.0/bin/appvipcfg root oinstall 0755
unix /u01/app/grid/11.2.0/crs/install/preupdate.sh grid oinstall 0755
unix /u01/app/grid/11.2.0/crs/install/s_crsconfig_defs grid oinstall 0755
unix /u01/app/grid/11.2.0/bin/cluutil grid oinstall 0755
unix /u01/app/grid/11.2.0/bin/ocrcheck root oinstall 0755
unix /u01/app/grid/11.2.0/bin/ocrcheck.bin root oinstall 0755
unix /u01/app/grid/11.2.0/bin/ocrconfig root oinstall 0755
unix /u01/app/grid/11.2.0/bin/ocrconfig.bin root oinstall 0755
……
3 自动修正GI权限
如果通过前面的检查发现有目录或者权限不正确,对于11.2.0.3.6以上的版本,可以直接通过rootcrs.pl 或 roothas.pl 脚本直接来修正。
在调用rootcrs.pl 或 roothas.pl 时加上-init 选项,会自动重置
所有目录和文件的权限。 这里要注意,在执行该命令时必须确保CRS是关闭状态。另外,该命令需要使用root用户执行。
--For 11.2:
For clustered Grid Infrastructure, as root user
# cd /crs/install/
# ./rootcrs.pl -init
For Standalone Grid Infrastructure, as root user
# cd /crs/install/
# ./roothas.pl -init
--For 12c+:
For clustered Grid Infrastructure, as root user
# cd /crs/install/
# ./rootcrs.sh -init
For Standalone Grid Infrastructure, as root user
# cd /crs/install/
# ./roothas.sh -init
我们这里在11g 上演示:
[root@rac2 ~]# /u01/app/grid/11.2.0/bin/crsctl stop crs
CRS-2791: Starting shutdown of Oracle High Availability Services-managed resources on 'rac2'
CRS-2673: Attempting to stop 'ora.crsd' on 'rac2'
CRS-2790: Starting shutdown of Cluster Ready Services-managed resources on 'rac2'
CRS-2673: Attempting to stop 'ora.LISTENER.lsnr' on 'rac2'
CRS-2673: Attempting to stop 'ora.dave.server_taf.svc' on 'rac2'
……
CRS-2677: Stop of 'ora.gipcd' on 'rac2' succeeded
CRS-2673: Attempting to stop 'ora.gpnpd' on 'rac2'
CRS-2677: Stop of 'ora.gpnpd' on 'rac2' succeeded
CRS-2793: Shutdown of Oracle High Availability Services-managed resources on 'rac2' has completed
CRS-4133: Oracle High Availability Services has been stopped.
[root@rac2 ~]#
注意这里的版本,11.2.0.3.6 版本以下没有-init 选项:
[root@rac2 ~]# cd /u01/app/grid/11.2.0/crs/install/
[root@rac2 install]# ls
cmdllroot.sh crsdelete.pm install.incl oracss.pm roothas.pl
crsconfig_addparams.sbs crspatch.pm installRemove.excl paramfile.crs rootofs.sh
crsconfig_lib.pm hasdconfig.pl onsconfig ParentDirPerm_rac2.txt s_crsconfig_defs
crsconfig_params inittab oraacfs.pm preupdate.sh s_crsconfig_lib.pm
crsconfig_params.sbs install.excl oracle-ohasd.conf rootcrs.pl s_crsconfig_rac2_env.txt
[root@rac2 install]# ./rootcrs.pl -init
Unknown option: init
--在18c中测试:
[root@www.cndba.cn ~]# cd /u01/app/18.3.0/grid/crs/install/
[root@www.cndba.cn install]# ls
CLSR.pm crsdowngrade.pm dropdb.pl orachm.pm oraqosmserver.pm s_crsconfig_rac1_env.txt
cmdllroot.sh crsgenconfig_params HASLoad.pm oracle-ohasd.conf orasrvm.pm s_crsutils.pm
crsconfig_addparams crsgpnp.pm inittab oracle-ohasd.service paramfile.crs s_orachm.pm
crsconfig_addparams.sbs crsinstall.pm install.excl oraClusterwareComp.pm ParentDirPerm_rac1.txt s_oraocr.pm
crsconfig_params crska.pm install_gi.excl oracss.pm perlhasgen.pm s_oraolr.pm
crsconfig_params.saved crspatch.pm install.incl oragpnp.pm post_gimr_ugdg.pl tfa_setup
crsconfig_params.sbs crstfa.pm installRemove.excl oraios.pm rootcrs.pl
crsconvert.pm crsupgrade.pm oraacfs.pm oraocr.pm rootcrs.sh
crsconvtoext.pm crsutils.pm oraafd.pm oraohasd.pm roothas.pl
crscpcfg.pm crsxag.pm oraasm.pm oraolr.pm roothas.sh
crsdeconfig.pm dropdb oracdp.pm oraons.pm s_crsconfig_defs
[root@www.cndba.cn install]# ./rootcrs.sh -init
Using configuration parameter file: /u01/app/18.3.0/grid/crs/install/crsconfig_params
The log of current session can be found at:
/u01/app/grid/crsdata/rac1/crsconfig/rootcrs_rac1_2021-02-05_05-49-18PM.log
[root@www.cndba.cn install]#
具体的过程可以直接查看对应的log 日志。
https://www.cndba.cn/cndba/dave/article/4393
4 手工修正GI权限
如果自动修正GI权限失败,也可以根据crsconfig_fileperms 和crsconfig_dirs 文件中记录的权限,手工进行修改。 手工修改是最后的方法,不要轻易进行尝试。 https://www.cndba.cn/cndba/dave/article/4393https://www.cndba.cn/cndba/dave/article/4393https://www.cndba.cn/cndba/dave/article/4393
版权声明:本文为博主原创文章,未经博主允许不得转载。