How to recreate shared ASM password file in 12c GI cluster (Doc ID 1929673.1)
How to recreate shared ASM password file in 12c GI cluster (Doc ID 1929673.1)
APPLIES TO:
Oracle Database Cloud Schema Service - Version N/A and later
Oracle Database Exadata Cloud Machine - Version N/A and later
Oracle Cloud Infrastructure - Database Service - Version N/A and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Oracle Database Backup Service - Version N/A and later
Information in this document applies to any platform.
GOAL
This note provides the steps to recreate the shared ASM password file in 12c Flex ASM.
SOLUTION
1. Backup the password file
ASMCMD> pwcopy +DATA/orapwASM /tmp/asm.pwd
copying +DATA/orapwASM -> /tmp/asm.pwd
2. In case of issue with password file, we can restore it as below
ASMCMD> pwcopy --asm /tmp/asm.pwd +DATA/orapwASM -f
copying /tmp/asm.pwd -> +DATA/orapwASM
ASMCMD> ls -l
Type Redund Striped Time Sys Name
N ASM/
N _mgmtdb/
Y cehaovm-cluster/
PASSWORD UNPROT COARSE SEP 19 09:00:00 N orapwasm => +DATA/ASM/PASSWORD/pwdasm.257.955101541
For 12c R1
Step 1: Create ASM password file with sys and asmsnmp user
ASMCMD> orapwusr --grant sysasm sys
ASMCMD> orapwusr --add asmsnmp
Enter password: ********
ASMCMD> orapwusr --grant sysdba asmsnmp
If "pwcreate" fails with ORA-15005, delete the existing password file first:
Step 2: Find out user name and password for CRSD to connect
$ crsctl query credmaint -path ASM/Self -credtype userpass
Path Credtype ID Attrs
/ASM/Self/c6d161f1b2106fd6ff51c756aa846819userpass 0 create_time=2014-09-16 00:05:52, modify_time=2014-09-16 00:05:52, expiration_time=NEVER,bootstrap=FALSE
Note: First column "path" in the output will be used in the next two commands
$ crsctl get credmaint -path /ASM/Self/c6d161f1b2106fd6ff51c756aa846819 -credtype userpass -id 0 -attr user -local
crsuser__asm_001 ====>> this is the user name
$ crsctl get credmaint -path /ASM/Self/c6d161f1b2106fd6ff51c756aa846819 -credtype userpass -id 0 -attr passwd -local
hKcb3TMBj3y3Im7Mx2Uifvx8LZ8PP ====>> this is the password
Step 3: Create the user for CRSD to connect
Enter password: *****************************
ASMCMD> orapwusr --grant sysdba crsuser__asm_001
ASMCMD> orapwusr --grant sysasm crsuser__asm_001
NOTE: Type the password received from Step 2, Copy and Paste may cause issues in restart of CRS
Step 4: Confirm list of users
Username sysdba sysoper sysasm
SYS TRUE TRUE TRUE
CRSUSER__ASM_001 TRUE FALSE TRUE
ASMSNMP TRUE FALSE FALSE
If the procedure isn't followed, after recreating ASM password file, on non-local node, ora.crsd will not start as ora.storage resource fails with the following errors in <ADR_HOME>/crs/<node>/crs/trace/ohasd_orarootagent_root.trc
.
2014-09-09 00:04:34.060702*:kgfn.c@6286: kgfnConnect2Int: OCISessionBegin failed
2014-09-09 00:04:34.060702*:kgfn.c@1606: kgfnRecordErrPriv: status=-1 at kgfn.c:6370
2014-09-09 00:04:34.060702*:kgfn.c@1652: kgfnRecordErrPriv: 1017 error=ORA-01017: invalid username/password; logon denied
OR
2014-09-24 22:11:41.799924*:kgfn.c@6200: kgfnConnect2Int: OCISessionBegin failed
2014-09-24 22:11:41.799924*:kgfn.c@1602: kgfnRecordErrPriv: status=-1 at kgfn.c:6284
2014-09-24 22:11:41.799924*:kgfn.c@1648: kgfnRecordErrPriv: 1031 error=ORA-01031: insufficient privileges
NOTE:As per Bug 25847218 the above procedure is only applicable to Flex-ASM Configurations.
For 12c R2
Step 1: Create ASM password file with sys and asmsnmp user
Username sysdba sysoper sysasm
SYS TRUE TRUE TRUE
CRSUSER__ASM_001 TRUE FALSE TRUE
ASMSNMP TRUE FALSE FALSE
$ asmcmd pwget --asm
+DATA/orapwASM
ASMCMD> pwcopy +DATA/orapwASM /tmp/asm.pwd
copying +DATA/orapwASM -> /tmp/asm.pwd
ASMCMD> pwcreate --asm +DATA/orapwASMnew 'welcome@1' -f
ASMCMD> pwget --asm
+DATA/orapwasmnew
ASMCMD> lspwusr
Username sysdba sysoper sysasm
SYS TRUE TRUE FALSE
ASMCMD> orapwusr --grant sysasm SYS
ASMCMD> orapwusr --add ASMSNMP
Enter password: *********<<<<<<<<<<<<<<<<<<<<<welcome@1
ASMCMD> orapwusr --grant sysdba ASMSNMP
ASMCMD> lspwusr
Username sysdba sysoper sysasm
SYS TRUE TRUE TRUE
ASMSNMP TRUE FALSE FALSE
Step 2: Find out user name and password for CRSD to connect, starting from 12.2 "query credmaint" will not work as per design
Path Credtype ID Attrs
credmaint is an internal option and therefore undocumented. It is used by internal scripts in configuring various services.
Dump the OCR contents as below
$ $GRID_HOME/bin/ocrdump /tmp/ocr.dmp
PROT-310: Not all keys were dumped due to permissions.
$ vi /tmp/ocr.dmp
--Search for below
SYSTEM.ASM.CREDENTIALS.USERS.CRSUSER__ASM_001]
ORATEXT : 3889b62c95b64f9bffae7aa8eaa6001d:oracle<<<<<<<<<<<<<<<<<<<<<<This is our credential to retrieve the password
SECURITY : {USER_PERMISSION : PROCR_ALL_ACCESS, GROUP_PERMISSION : PROCR_READ, OTHER_PERMISSION : PROCR_NONE, USER_NAME : oracle, GROUP_NAME : oinstall}
$ crsctl get credmaint -path /ASM/Self/3889b62c95b64f9bffae7aa8eaa6001d -credtype userpass -id 0 -attr user -local
CRSUSER__ASM_001
$ crsctl get credmaint -path /ASM/Self/3889b62c95b64f9bffae7aa8eaa6001d -credtype userpass -id 0 -attr passwd -local
VWadlWRmYlAc9hfKGuVslNz4XANSl<<<<<<<<<This is the password
Step 3: Create the user for CRSD to connect
Enter password: *****************************<<<<<<<<Password taken from Step 2
ASMCMD> lspwusr
Username sysdba sysoper sysasm
SYS TRUE TRUE TRUE
ASMSNMP TRUE FALSE FALSE
CRSUSER__ASM_001 FALSE FALSE FALSE
ASMCMD> orapwusr --grant sysdba CRSUSER__ASM_001
ASMCMD> orapwusr --grant sysasm CRSUSER__ASM_001
ASMCMD> lspwusr
Username sysdba sysoper sysasm
SYS TRUE TRUE TRUE
ASMSNMP TRUE FALSE FALSE
CRSUSER__ASM_001 TRUE FALSE TRUE
[oracle@cehaovmsp1003 ~]$ srvctl config asm
ASM home: <CRS home>
Password file: +DATA/orapwasmnew
Backup of Password file:
ASM listener: LISTENER
ASM instance count: 3
Cluster ASM listener: ASMNET1LSNR_ASM
- Android View架构总结
- 怎样用Python给宝宝取个好名字?
- 字符串处理技巧
- SwipeRefreshLayout下拉刷新组件
- 使用数字进行字符遍历
- 技术分享:杂谈如何绕过WAF(Web应用防火墙)
- 模拟Executor策略的实现如何控制执行顺序?怎么限制最大同时开启线程的个数?为什么要有一个线程来将结束的线程移除出执行区?转移线程的时候要判断线程是否为空遍历线程的容器会抛出ConcurrentM
- ViewPager快速实现引导页
- Linux学习 - 常用和不太常用的实用awk命令
- 漏洞预警:厄运cookie(Misfortune Cookie)漏洞影响全球1200万台路由器
- 漏洞预警:Google安全研究人员发现NTP(网络时间协议)最新漏洞
- 揭秘:从内部源码看Facebook技术(第一集)
- Python 自然语言处理《釜山行》人物关系
- 注意:C++中double的表示是有误差的
- JavaScript 教程
- JavaScript 编辑工具
- JavaScript 与HTML
- JavaScript 与Java
- JavaScript 数据结构
- JavaScript 基本数据类型
- JavaScript 特殊数据类型
- JavaScript 运算符
- JavaScript typeof 运算符
- JavaScript 表达式
- JavaScript 类型转换
- JavaScript 基本语法
- JavaScript 注释
- Javascript 基本处理流程
- Javascript 选择结构
- Javascript if 语句
- Javascript if 语句的嵌套
- Javascript switch 语句
- Javascript 循环结构
- Javascript 循环结构实例
- Javascript 跳转语句
- Javascript 控制语句总结
- Javascript 函数介绍
- Javascript 函数的定义
- Javascript 函数调用
- Javascript 几种特殊的函数
- JavaScript 内置函数简介
- Javascript eval() 函数
- Javascript isFinite() 函数
- Javascript isNaN() 函数
- parseInt() 与 parseFloat()
- escape() 与 unescape()
- Javascript 字符串介绍
- Javascript length属性
- javascript 字符串函数
- Javascript 日期对象简介
- Javascript 日期对象用途
- Date 对象属性和方法
- Javascript 数组是什么
- Javascript 创建数组
- Javascript 数组赋值与取值
- Javascript 数组属性和方法
- LeetCode 03无重复字符的最长子串(滑动窗口)
- elasticSearch学习(五)
- MySQL进阶:索引与优化
- CentOS7搭建Zabbix4.2系统
- vue项目更换favicon.ico
- 一种O(n)的排序——计数排序引发的围观风波
- LeetCode 04寻找两个正序数组的中位数(困难)二分法
- Java程序员面试必备:Volatile全方位解析
- HTTP协议基础及发展历史
- Vi 和 Vim 的使用
- k8s删除Terminating状态的命名空间
- CentOS7下vsftpd over SSL/TLS加密传输配置实践
- Xargs Sh -c Skipping the First Argument
- Centos系统安装
- Python 为什么能支持任意的真值判断?