Oracle OCR的備份與恢復(2)--如何修復11.2 Grid權限誤操做

一.1.1  如何修復11.2 Grid權限誤操做

 關於Oracle GRID HOME文件目錄的權限問題

①　chown -R 誤操做了，將整個/u01/app的權限修過了如何恢復？

②　刪除了$GRID_HOME/log文件夾下的全部內容，集羣不能啓動，如何恢復？

使用chown -R 誤操做了，將整個/u01/app的權限修過了，致使grid沒法啓動。，搜了下mos發現了一篇文檔：Tips for checking file permissions on GRID environment(ID 1931142.1)

該文檔中描述到,$GRID_HOME/crs/utl下面的幾個文件中記錄了整個GRID_HOME下面的文件和目錄的相關權限。

Check the permissions from the following 2 files which are created during Grid Infrastructure installation.

In $GRID_HOME/crs/utl (for 11.2 and 12.1.0.1) and <GRID_HOME>/crs/utl/<hostname> (for 12.1.0.2) directory:

crsconfig_dirs ：which has all directories listed in <GRID_HOME> and their permissions

crsconfig_fileperms ：which has list of files and their permissions and locations in <GRID_HOME>.

 

 咱們來看下是不是這樣的,cd $ORACLE_HOME/crs/utl：

[root@rac2 bin]# cd  /home/grid/app/11.2/grid/crs/utl

[root@rac2 utl]# ls -ltr

total 324

-rw-r–r– 1 root root  1128 Aug 11 09:48 usrvip

-rw-r–r– 1 root root  8437 Aug 11 09:48 srvctl

……

-rw-r–r– 1 root root 12102 Aug 11 09:48 crsconfig_files

-rw-r–r– 1 root root 13468 Aug 11 09:48 crsconfig_fileperms

-rw-r–r– 1 root root  8666 Aug 11 09:48crsconfig_dirs

-rw-r–r– 1 root root   699 Aug 11 09:48 crfsetenv

-rw-r–r– 1 root root  1280 Aug 11 09:48 cmdllroot.sh

-rw-r–r– 1 root root  3680 Aug 11 09:48 cluutil

-rw-r–r– 1 root root  1648 Aug 11 09:48 clsrwrap

-rw-r–r– 1 root root   540 Aug 11 09:48 appvipcfg

[zfzhlhrdb1:grid]:/oracle/app/11.2.0/grid/crs/utl>more crsconfig_dirs

# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.

# The values in each line use the following format:

#

# OSLIST DIRNAME OWNER GROUP CLOSED-PERMS OPEN-PERMS

#

# Note:

# 1) OSLIST is a comma-separated list of platforms on which the directory

#    needs to be created.  'all' indicates that the directory needs to be

#    created on every platform.  OSLIST MUST NOT contain whitespace.

# 2) Permissions need to be specified AS OCTAL NUMBERS.  If permissions are

#    not specified, default (umask) values will be used.

#

# TBD: OPEN-PERMS need to be added for each dir

 

all /oracle/app/11.2.0/grid/cdata grid dba 0775

all /oracle/app/11.2.0/grid/cdata/zfzhlhrdb-crs grid dba 0775

all /oracle/app/11.2.0/grid/cfgtoollogs grid dba 0775

all /oracle/app/11.2.0/grid/cfgtoollogs/crsconfig grid dba 0775

all /oracle/app/11.2.0/grid/log grid dba 0775

.............................................

unix /etc/oracle/olr.loc root dba 0644

unix /etc/oracle/ocr.loc root dba 0644

[zfzhlhrdb1:grid]:/oracle/app/11.2.0/grid/crs/utl>

咱們能夠看到，確實是這樣，crsconfig_dirs裏面記錄全部$GRID_HOME相關目錄的權限。crsconfig_fileperms中記錄了文件的權限.

一.1.1.1  校驗權限

咱們能夠經過命令來校驗：Validate the <GRID_HOME> by using cluvfy tool.

$ cluvfy comp software -n all -verbose

 

[zfzhlhrdb1:grid]:/home/grid>cluvfy comp software -n all -verbose

 

Verifying software

 

Check: Software

 

  Component: crs                      

 

  Node Name: zfzhlhrdb2               

    /oracle/app/11.2.0/grid/bin/racgeut..."Permissions" did not match reference

        Permissions of file "/oracle/app/11.2.0/grid/bin/racgeut" did not match the expected value. [Expected = "0755" ; Found = "0775"]

    /oracle/app/11.2.0/grid/bin/racgmain..."Permissions" did not match reference

        Permissions of file "/oracle/app/11.2.0/grid/bin/racgmain" did not match th...............................

    /oracle/app/11.2.0/grid/clone/rootpre/ORCLcluster/lib/libskgxnr.a...No such file or directory

 

  1227 files verified                 

 

Software check failed

 

Verification of software was unsuccessful on all the specified nodes.

 

一.1.1.2  解決

 因此要解決這個問題其實並不難，咱們大體能夠經過以下幾種方法來解決：

1. 根據前面的幾個權限配置腳本本身參考進行修改，實際上並不難，直接UE編輯就很快搞定.

2. 根據Mos文檔提供的建議經過 $GRID_HOME/crs/install/rootcrs.pl -init 或 roothas.pl -init進行解決. rootcrs.pl –init是在PSU>11.2.0.3.6下執行的，若是PSU<11.2.0.3.6能夠執行以下兩條命令來實現一樣的效果

<GRID_HOME>/crs/install/rootcrs.pl -unlock

<GRID_HOME>/crs/install/rootcrs.pl -patch

 

For 11.2:
For clustered Grid Infrastructure, as root user

# cd <GRID_HOME>/crs/install/
# ./rootcrs.pl -init

For Standalone Grid Infrastructure, as root user

# cd <GRID_HOME>/crs/install/
# ./roothas.pl  -init

For 12c:
For clustered Grid Infrastructure, as root user

# cd <GRID_HOME>/crs/install/
# ./rootcrs.sh -init

For Standalone Grid Infrastructure, as root user

# cd <GRID_HOME>/crs/install/
# ./roothas.sh -init

 

3.採用MOS1515018.1文檔提供的腳本在正常庫上生成腳本，而後將生成的腳本在異常庫上執行從而來修復權限問題（應該和方法2結合使用）。

 

4. 11gR2能夠deconfig crs的配置，而後從新跑root.sh便可。從新跑root.sh腳本並不影響數據庫，因此無需擔憂（我的推薦的一種方式）.

$ORACLE_HOME/crs/install/rootcrs.pl -deconfig -force -verbose

$ORACLE_HOME/root.sh

 

5. 若是是rac的某個節點的誤操做，那麼還能夠經過delete node而後add node來作，不過這個相對麻煩太多了，可是或許是最保險的一種方式。oracle也推薦這樣，由於你若是人爲修改文件權限，很難保證之後運行過程當中不會出現什麼問題。

補充：

Linux環境中還能夠經過getfacl和setfacl來進行操做，以下是例子：

1) getfacl   /home/grid/app/11.2/grid  > dir_privs.txt

2) set –restore dir_privs.txt

 

總結：

在安裝有GI的環境下，權限、屬主是嚴格被設定的，任何對於它們的錯誤修改容易引起一系列的問題，並且這些問題每每都很詭異很難按照常規的思路去診斷。萬一權限或屬主被修改了能夠經過rootcrs.pl -init及permission.pl進行修復，rootcrs.pl –init僅修復GI的核心目錄，因此其修復速度較快，若是遇到GI沒法啓動的問題，建議首選這種方法以使GI可以快速啓動，但其缺點在於沒法全量的進行修復，GI雖然正常了，並不能保證以後的運行過程當中不出現這樣那樣的問題，這時就須要permission.pl出場了，permission.pl的運行模式決定了源庫(權限正確的庫)與目標庫(權限錯誤的庫)間的軟件版本儘量的一致，因此源庫必定要選好，不然問題會更糟，另外若是源、目標兩個庫的安裝目錄不同還須要對permission*腳本做調整後再執行。

因此我的建議仍是跑root.sh來的穩妥一點。

 

一.1.1.3  MOS 1515018.1  permission.pl腳本的使用

chmod 755 permission.pl

oracle用戶獲取ORACLE_HOME： ./permission.pl $ORACLE_HOME

root用戶獲取GRID_HOME： ./permission.pl $ORACLE_HOME

 

Script generates two files
a. permission-<time stamp> - This contains file permission in octal value, owner and group information of the files captured
b. restore-perm-<time stamp>.cmd - This contains command to change the permission, owner, and group of the captured files

 

 

拷貝到目標主機後分別執行：

chmod 755 restore-perm-<timestamp>.cmd

    ./restore-perm-<timestamp>.cmd

 

 

一.1.2  如何修復ASM實例名和節點名不一致的狀況

對於10g的狀況，咱們能夠參考Dave大神的blog：RAC修改ASM實例名的步驟:http://blog.csdn.net/tianlesoftware/article/details/6275827

對於11g的狀況，咱們只能從新執行root.sh腳原本修復這個問題。

 

 

一.1.3  如何完全清除CRS信息

[ZFTPCCDB1:root]:/>$ORACLE_HOME/crs/install/rootcrs.pl -h

Unknown option: h

Usage:

      rootcrs.pl [-verbose] [-upgrade [-force] | -patch]

                 [-paramfile <parameter-file>]

                 [-deconfig [-deinstall] [-keepdg] | -downgrade] [-force] [-lastnode]

                 [-downgrade] [-oldcrshome <old crshome path>] [-version <old crs version>]  

                 [-unlock [-crshome <path to crs home>] [-nocrsstop]]

 

      Options:

       -verbose    Run this script in verbose mode

       -upgrade    Oracle HA is being upgraded from previous version

       -patch      Oracle HA is being upgraded to a patch version

       -paramfile  Complete path of file specifying HA parameter values

       -lastnode   Force the node this is executing on to be considered the

                   last node of the install and perform actions associated

                   with configuring the last node

       -downgrade  Downgrade the clusterware

       -version    For use with downgrade; special handling is required if

                   downgrading to 9i. This is the old crs version in the format

                   A.B.C.D.E (e.g 11.1.0.6.0).

       -deconfig   Remove Oracle Clusterware to allow it to be uninstalled or reinstalled.

       -force      Force the execution of steps in delete that cannot be verified

                   to be safe

       -deinstall  Reset the permissions on CRS home during de-configuration

       -keepdg     Keep existing diskgroups during de-configuration

       -unlock     Unlock CRS home

       -crshome    Complete path of crs home. Use with unlock option.

       -oldcrshome For use with downgrade. Complete path of the old crs home.

       -nocrsstop  used with unlock option to reset permissions on an inactive grid home

 

      If neither -upgrade nor -patch is supplied, a new install is performed

 

      To see the full manpage for this program, execute:

        perldoc rootcrs.pl

 

[ZFTPCCDB1:root]:/>

 

根據MOSHow to Proceed from Failed 11gR2 Grid Infrastructure (CRS) Installation (文檔 ID 942166.1) 文檔，若要從新執行root.sh腳本，咱們能夠以下操做：

在除最後一個節點外的全部節點執行：$ORACLE_HOME/crs/install/rootcrs.pl -deconfig -force -verbose

在最後一個節點執行：$ORACLE_HOME/crs/install/rootcrs.pl -deconfig -force -verbose -lastnode

重啓OS後再執行：$ORACLE_HOME/root.sh

須要注意的一點是，咱們在執行完$ORACLE_HOME/crs/install/rootcrs.pl -deconfig -force -verbose執成以後須要刪除以下的文件：

ls -l $ORACLE_BASE/Clusterware/ckptGridHA*

find $ORACLE_HOME/gpnp/* -type f

find $ORACLE_HOME/gpnp/* -type f -exec rm -rf {} \;

 

其中（find $ORACLE_HOME/gpnp/* -type f）中的文件刪除後，咱們在從新執行root.sh的時候纔會有以下的提示：

root wallet

root wallet cert

root cert export

peer wallet

profile reader wallet

pa wallet

peer wallet keys

pa wallet keys

peer cert request

pa cert request

peer cert

pa cert

peer root cert TP

profile reader root cert TP

pa root cert TP

peer pa cert TP

pa peer cert TP

profile reader pa cert TP

profile reader peer cert TP

peer user cert

pa user cert

About Me

..........................................................................................................................................................................................................

本文做者：小麥苗，只專一於數據庫的技術，更注重技術的運用

本文在ITpub（http://blog.itpub.net/26736162）和博客園(http://www.cnblogs.com/lhrbest)有同步更新

本文地址：http://blog.itpub.net/26736162/viewspace-2121470/

本文pdf版：http://yunpan.cn/cdEQedhCs2kFz （提取碼：ed9b） 

小麥苗分享的其它資料：http://blog.itpub.net/26736162/viewspace-1624453/

聯繫我請加QQ好友(642808185)，註明添加原因

於 2016-06-24 10:00~ 2016-07-04 19:00 在中行完成

【版權全部，文章容許轉載，但須以連接方式註明源地址，不然追究法律責任】

..........................................................................................................................................................................................................

 

拿起手機掃描下邊的圖片來關注小麥苗的微信公衆號：xiaomaimiaolhr,學習最實用的數據庫技術。

本文分享自微信公衆號 - DB寶（lhrdba）。
若有侵權，請聯繫 support@oschina.cn 刪除。
本文參與「OSC源創計劃」，歡迎正在閱讀的你也加入，一塊兒分享。