Oracle RAC GI 权限检查和修复方法 -- cnDBA.cn

Oracle RAC 环境的权限是比较复杂的，如果误操作导致了相关目录或者文件权限不正确就会影响到GI的运行，比如常见的crsctl 资源显示为：UNKNOWN，或者通过srvctl 无法控制资源，只能通过SQL 命令来操作。

一般出现权限误修改的情况，只能通过相关的日志来分析，然后根据同版本的GI环境来对比，这种方法虽然可以解决问题，但是效率，也非常麻烦。

对于Oracle 11.2.0.3.6+的版本，Oracle 提供了更简单的方法来修正GI的权限。

1 使用cluvfy工具验证GI权限

GRID_HOME 的权限问题，可以通过cluvfy工具来直接进行检查。如下：

[root@www.cndba.cn ~]# su - grid
[grid@www.cndba.cn ~]$ cluvfy comp software -n all -verbose

Verifying software

Check: Software

  934 files verified

Software check passed

Verification of software was successful.
[grid@www.cndba.cn ~]$

这里验证成功，权限没有问题，如果部分节点没有启动，也可以进行验证，但结果会显示不成功：

[grid@www.cndba.cn ~]$ cluvfy comp software -n all -verbose

Verifying software

WARNING:
These nodes cannot be reached:
        rac2
Verification will proceed with nodes:
        rac1

Check: Software

  934 files verified

Software check passed

Verification of software was unsuccessful.
Checks did not pass for the following node(s):
        rac2
[grid@www.cndba.cn ~]$

2 通过安装文件验证GI权限

在GI 的安装过程中，所有权限的目录都保存在如下2个文件中，可以通过查看这些文件来对比相关的权限。

crsconfig_dirs：该文件记录了中所有的目录及其对应的权限。
crsconfig_fileperms：该文件记录了中所有文件清单及对应的权限。

在Oracle 11.2 和 12.1.0.1 版本中，权限文件保存在 $GRID_HOME/crs/utl 目录下。
在12.1.0.2 之后的版本，保存在 /crs/utl/ 目录下。

[grid@www.cndba.cn utl]$ pwd
/u01/app/grid/11.2.0/crs/utl
[grid@www.cndba.cn utl]$ ls crsconfig_*
crsconfig_dirs  crsconfig_fileperms  crsconfig_files
[grid@www.cndba.cn utl]$ ll crsconfig_*
-rw-r--r--. 1 root root  8067 Jun 27  2013 crsconfig_dirs
-rw-r--r--. 1 root root 12586 Jun 27  2013 crsconfig_fileperms
-rw-r--r--. 1 root root 11218 Jun 27  2013 crsconfig_files
[grid@www.cndba.cn utl]$
[grid@www.cndba.cn utl]$ cat crsconfig_dirs
# Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
# The values in each line use the following format:
#
# OSLIST DIRNAME OWNER GROUP CLOSED-PERMS OPEN-PERMS
#
# Note:
# 1) OSLIST is a comma-separated list of platforms on which the directory
#    needs to be created.  'all' indicates that the directory needs to be
#    created on every platform.  OSLIST MUST NOT contain whitespace.
# 2) Permissions need to be specified AS OCTAL NUMBERS.  If permissions are
#    not specified, default (umask) values will be used.
#
# TBD: OPEN-PERMS need to be added for each dir

all /u01/app/grid/11.2.0/cdata grid oinstall 0775
all /u01/app/grid/11.2.0/cdata/rac-cluster grid oinstall 0775
all /u01/app/grid/11.2.0/cfgtoollogs grid oinstall 0775
all /u01/app/grid/11.2.0/cfgtoollogs/crsconfig grid oinstall 0775
all /u01/app/grid/11.2.0/log grid oinstall 0775
all /u01/app/grid/11.2.0/log/rac1 root oinstall 01755
all /u01/app/grid/11.2.0/log/rac1/crsd root oinstall 0750
all /u01/app/grid/11.2.0/log/rac1/ctssd root oinstall 0750
all /u01/app/grid/11.2.0/log/rac1/evmd grid oinstall 0750
all /u01/app/grid/11.2.0/log/rac1/cssd grid oinstall 0750
all /u01/app/grid/11.2.0/log/rac1/mdnsd grid oinstall 0750
……
[grid@www.cndba.cn utl]$ cat crsconfig_fileperms|more
# Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
# The values in each line use the following format:
#
# OSLIST FILENAME OWNER GROUP PERMS
#
# Note:
# 1) OSLIST is a comma-separated list of platforms on which the file
#    permissions need to be set.  'all' indicates that the directory needs
#    to be created on every platform.  OSLIST MUST NOT contain whitespace.
# 2) Permissions need to be specified AS OCTAL NUMBERS.  If permissions
#    are not specified, default (umask) values will be used.
# 3) The fields within each line of this file must be delimited by a single space
#
unix /u01/app/grid/11.2.0/log/rac1/alertrac1.log grid oinstall 0664
unix /u01/app/grid/11.2.0/bin/usrvip root oinstall 0755
unix /u01/app/grid/11.2.0/bin/appvipcfg root oinstall 0755
unix /u01/app/grid/11.2.0/crs/install/preupdate.sh grid oinstall 0755
unix /u01/app/grid/11.2.0/crs/install/s_crsconfig_defs grid oinstall 0755
unix /u01/app/grid/11.2.0/bin/cluutil grid oinstall 0755
unix /u01/app/grid/11.2.0/bin/ocrcheck root oinstall 0755
unix /u01/app/grid/11.2.0/bin/ocrcheck.bin root oinstall 0755
unix /u01/app/grid/11.2.0/bin/ocrconfig root oinstall 0755
unix /u01/app/grid/11.2.0/bin/ocrconfig.bin root oinstall 0755
……

3 自动修正GI权限

如果通过前面的检查发现有目录或者权限不正确，对于11.2.0.3.6以上的版本，可以直接通过rootcrs.pl 或 roothas.pl 脚本直接来修正。

在调用rootcrs.pl 或 roothas.pl 时加上-init 选项，会自动重置所有目录和文件的权限。这里要注意，在执行该命令时必须确保CRS是关闭状态。另外，该命令需要使用root用户执行。

--For 11.2:
For clustered Grid Infrastructure, as root user
# cd <GRID_HOME>/crs/install/
# ./rootcrs.pl -init

For Standalone Grid Infrastructure, as root user
# cd <GRID_HOME>/crs/install/
# ./roothas.pl  -init

--For 12c+:
For clustered Grid Infrastructure, as root user
# cd <GRID_HOME>/crs/install/
# ./rootcrs.sh -init

For Standalone Grid Infrastructure, as root user
# cd <GRID_HOME>/crs/install/
# ./roothas.sh -init

我们这里在11g 上演示：

[root@rac2 ~]# /u01/app/grid/11.2.0/bin/crsctl stop crs
CRS-2791: Starting shutdown of Oracle High Availability Services-managed resources on 'rac2'
CRS-2673: Attempting to stop 'ora.crsd' on 'rac2'
CRS-2790: Starting shutdown of Cluster Ready Services-managed resources on 'rac2'
CRS-2673: Attempting to stop 'ora.LISTENER.lsnr' on 'rac2'
CRS-2673: Attempting to stop 'ora.dave.server_taf.svc' on 'rac2'
……
CRS-2677: Stop of 'ora.gipcd' on 'rac2' succeeded
CRS-2673: Attempting to stop 'ora.gpnpd' on 'rac2'
CRS-2677: Stop of 'ora.gpnpd' on 'rac2' succeeded
CRS-2793: Shutdown of Oracle High Availability Services-managed resources on 'rac2' has completed
CRS-4133: Oracle High Availability Services has been stopped.
[root@rac2 ~]#

注意这里的版本，11.2.0.3.6 版本以下没有-init 选项：
[root@rac2 ~]# cd /u01/app/grid/11.2.0/crs/install/
[root@rac2 install]# ls
cmdllroot.sh             crsdelete.pm   install.incl        oracss.pm               roothas.pl
crsconfig_addparams.sbs  crspatch.pm    installRemove.excl  paramfile.crs           rootofs.sh
crsconfig_lib.pm         hasdconfig.pl  onsconfig           ParentDirPerm_rac2.txt  s_crsconfig_defs
crsconfig_params         inittab        oraacfs.pm          preupdate.sh            s_crsconfig_lib.pm
crsconfig_params.sbs     install.excl   oracle-ohasd.conf   rootcrs.pl              s_crsconfig_rac2_env.txt
[root@rac2 install]# ./rootcrs.pl -init
Unknown option: init

--在18c中测试：
[root@www.cndba.cn ~]# cd /u01/app/18.3.0/grid/crs/install/
[root@www.cndba.cn install]# ls
CLSR.pm                  crsdowngrade.pm      dropdb.pl           orachm.pm              oraqosmserver.pm        s_crsconfig_rac1_env.txt
cmdllroot.sh             crsgenconfig_params  HASLoad.pm          oracle-ohasd.conf      orasrvm.pm              s_crsutils.pm
crsconfig_addparams      crsgpnp.pm           inittab             oracle-ohasd.service   paramfile.crs           s_orachm.pm
crsconfig_addparams.sbs  crsinstall.pm        install.excl        oraClusterwareComp.pm  ParentDirPerm_rac1.txt  s_oraocr.pm
crsconfig_params         crska.pm             install_gi.excl     oracss.pm              perlhasgen.pm           s_oraolr.pm
crsconfig_params.saved   crspatch.pm          install.incl        oragpnp.pm             post_gimr_ugdg.pl       tfa_setup
crsconfig_params.sbs     crstfa.pm            installRemove.excl  oraios.pm              rootcrs.pl
crsconvert.pm            crsupgrade.pm        oraacfs.pm          oraocr.pm              rootcrs.sh
crsconvtoext.pm          crsutils.pm          oraafd.pm           oraohasd.pm            roothas.pl
crscpcfg.pm              crsxag.pm            oraasm.pm           oraolr.pm              roothas.sh
crsdeconfig.pm           dropdb               oracdp.pm           oraons.pm              s_crsconfig_defs
[root@www.cndba.cn install]# ./rootcrs.sh -init
Using configuration parameter file: /u01/app/18.3.0/grid/crs/install/crsconfig_params
The log of current session can be found at:
  /u01/app/grid/crsdata/rac1/crsconfig/rootcrs_rac1_2021-02-05_05-49-18PM.log
[root@www.cndba.cn install]#

具体的过程可以直接查看对应的log 日志。

4 手工修正GI权限

如果自动修正GI权限失败，也可以根据crsconfig_fileperms 和crsconfig_dirs 文件中记录的权限，手工进行修改。手工修改是最后的方法，不要轻易进行尝试。

签到成功

CNDBA社区