Is user equivelance really required at the OS level after RAC installation?

Posted on December 18, 2008. Filed under: Database, DBA/Admin Tips, Operating System, RAC, TroubleShooting, Uncategorized | Tags: , , , |

A wild though came to my head late this evening about the user equivelance in RAC. What will happen if i remove the user equivelance for the oracle home owner between the RAC nodes. What do you think – will this mess up the normal operation of the database ???

BTW, User Equivelance = Ability to ssh between rac nodes without password.

Assumptions

RAC Servers: RAC_NODE_1, RAC_NODE_2
DB Name : opitstop
DB Owner : orapstop

orapstop@RAC_NODE_1

1. srvctl stop database -d OPITSTOP
2. cd $HOME/.ssh && mv authorized_keys authorized_keys_old [ authorized_keys file holds the rsa/dsa keys, which enables ssh to other boxes without password]

At this stage, opitstop DB is down and RAC_NODE_2 cannot ssh to RAC_NODE_1 since RAC_NODE_1 authorized_keys file had been moved.

orapstop@RAC_NODE_2

cd $HOME/.ssh && mv authorized_keys authorized_keys_old

Now both the nodes cannot do ssh between them without password.

orapstop@RAC_NODE_1

Lets start the database, using srvctl to see if it errors out

srvctl start database -d OPITSTOP

NOPE, it doesnt … it works as before, started the instances on both RAC_NODE_1 and RAC_NODE_2.

At this stage in the alert log file, the database was able to get information about the other node and a select on gv$instance shows both instances too. I let the db to run for sometime … still there was no error.

Now lets revert back the user equivelance on both nodes.

orapstop@RAC_NODE_1: cd $HOME/.ssh && mv authorized_keys_old authorized_keys
orapstop@RAC_NODE_2: cd $HOME/.ssh && mv authorized_keys_old authorized_keys

So based on this excercise my conclusion is, user equivelance is required only for RAC installation’s / RAC binary upgrades viz., 10.2.0.1 to 10.2.0.3 or 4 / patching using opatch option napply and not for normal operations of the database.

Oh yeah, its a good feeling to mess up with the setup and to get it back working.

Happy Messing !!!

cheers,
OraclePitStop

Advertisements
Read Full Post | Make a Comment ( None so far )

CLUVFY utility will fail if ssh banner is enabled

Posted on April 30, 2008. Filed under: RAC | Tags: , , , , , |

The cluster verification utility will fail in User Equivalence check between RAC nodes, if ssh banner is enabled on the boxes. According to Oracle (Note ID: 4692561.8 – Bug ID: 4692561) this issue is fixed in 10.2.0.4 and 11.1.0.6.

Whereas in our case, we did download the latest cluvfy utility (11g) but we still faced this issue.

11g cluvfy utility can be run against 10g databases, by adding the option -r 10gR1 or 10gR2.

Sample cluster pre-install verification command

runcluvfy.sh stage -pre crsinst -n node1,node2 -r 10gR2 -verbose
— No space between node1, and node2 (node1,node2 holds good – node1, node2 doesnt)

Before running runcluvfy.sh make sure you had set CV_HOME and CV_JDKHOME.

Workaround

Disable the ssh login banner and re-run the cluvfy utility.

cheers,
Ram.

Read Full Post | Make a Comment ( None so far )

Liked it here?
Why not try sites on the blogroll...