Is user equivelance really required at the OS level after RAC installation?
A wild though came to my head late this evening about the user equivelance in RAC. What will happen if i remove the user equivelance for the oracle home owner between the RAC nodes. What do you think – will this mess up the normal operation of the database ???
BTW, User Equivelance = Ability to ssh between rac nodes without password.
Assumptions
RAC Servers: RAC_NODE_1, RAC_NODE_2
DB Name : opitstop
DB Owner : orapstop
orapstop@RAC_NODE_1
1. srvctl stop database -d OPITSTOP
2. cd $HOME/.ssh && mv authorized_keys authorized_keys_old [ authorized_keys file holds the rsa/dsa keys, which enables ssh to other boxes without password]
At this stage, opitstop DB is down and RAC_NODE_2 cannot ssh to RAC_NODE_1 since RAC_NODE_1 authorized_keys file had been moved.
orapstop@RAC_NODE_2
cd $HOME/.ssh && mv authorized_keys authorized_keys_old
Now both the nodes cannot do ssh between them without password.
orapstop@RAC_NODE_1
Lets start the database, using srvctl to see if it errors out
srvctl start database -d OPITSTOP
NOPE, it doesnt … it works as before, started the instances on both RAC_NODE_1 and RAC_NODE_2.
At this stage in the alert log file, the database was able to get information about the other node and a select on gv$instance shows both instances too. I let the db to run for sometime … still there was no error.
Now lets revert back the user equivelance on both nodes.
orapstop@RAC_NODE_1: cd $HOME/.ssh && mv authorized_keys_old authorized_keys
orapstop@RAC_NODE_2: cd $HOME/.ssh && mv authorized_keys_old authorized_keys
So based on this excercise my conclusion is, user equivelance is required only for RAC installation’s / RAC binary upgrades viz., 10.2.0.1 to 10.2.0.3 or 4 / patching using opatch option napply and not for normal operations of the database.
Oh yeah, its a good feeling to mess up with the setup and to get it back working.
Happy Messing !!!
cheers,
OraclePitStop
