Oracle OCR的备份与恢复(2)--如何修复11.2 Grid权限误操做

一.1.1  如何修复11.2 Grid权限误操做

 关于Oracle GRID HOME文件目录的权限问题

①　chown -R 误操做了，将整个/u01/app的权限修过了如何恢复？

②　删除了$GRID_HOME/log文件夹下的全部内容，集群不能启动，如何恢复？

使用chown -R 误操做了，将整个/u01/app的权限修过了，致使grid没法启动。，搜了下mos发现了一篇文档：Tips for checking file permissions on GRID environment(ID 1931142.1)

该文档中描述到,$GRID_HOME/crs/utl下面的几个文件中记录了整个GRID_HOME下面的文件和目录的相关权限。

Check the permissions from the following 2 files which are created during Grid Infrastructure installation.

In $GRID_HOME/crs/utl (for 11.2 and 12.1.0.1) and <GRID_HOME>/crs/utl/<hostname> (for 12.1.0.2) directory:

crsconfig_dirs ：which has all directories listed in <GRID_HOME> and their permissions

crsconfig_fileperms ：which has list of files and their permissions and locations in <GRID_HOME>.

 

 咱们来看下是不是这样的,cd $ORACLE_HOME/crs/utl：

[root@rac2 bin]# cd  /home/grid/app/11.2/grid/crs/utl

[root@rac2 utl]# ls -ltr

total 324

-rw-r–r– 1 root root  1128 Aug 11 09:48 usrvip

-rw-r–r– 1 root root  8437 Aug 11 09:48 srvctl

……

-rw-r–r– 1 root root 12102 Aug 11 09:48 crsconfig_files

-rw-r–r– 1 root root 13468 Aug 11 09:48 crsconfig_fileperms

-rw-r–r– 1 root root  8666 Aug 11 09:48crsconfig_dirs

-rw-r–r– 1 root root   699 Aug 11 09:48 crfsetenv

-rw-r–r– 1 root root  1280 Aug 11 09:48 cmdllroot.sh

-rw-r–r– 1 root root  3680 Aug 11 09:48 cluutil

-rw-r–r– 1 root root  1648 Aug 11 09:48 clsrwrap

-rw-r–r– 1 root root   540 Aug 11 09:48 appvipcfg

[zfzhlhrdb1:grid]:/oracle/app/11.2.0/grid/crs/utl>more crsconfig_dirs

# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.

# The values in each line use the following format:

#

# OSLIST DIRNAME OWNER GROUP CLOSED-PERMS OPEN-PERMS

#

# Note:

# 1) OSLIST is a comma-separated list of platforms on which the directory

#    needs to be created.  'all' indicates that the directory needs to be

#    created on every platform.  OSLIST MUST NOT contain whitespace.

# 2) Permissions need to be specified AS OCTAL NUMBERS.  If permissions are

#    not specified, default (umask) values will be used.

#

# TBD: OPEN-PERMS need to be added for each dir

 

all /oracle/app/11.2.0/grid/cdata grid dba 0775

all /oracle/app/11.2.0/grid/cdata/zfzhlhrdb-crs grid dba 0775

all /oracle/app/11.2.0/grid/cfgtoollogs grid dba 0775

all /oracle/app/11.2.0/grid/cfgtoollogs/crsconfig grid dba 0775

all /oracle/app/11.2.0/grid/log grid dba 0775

.............................................

unix /etc/oracle/olr.loc root dba 0644

unix /etc/oracle/ocr.loc root dba 0644

[zfzhlhrdb1:grid]:/oracle/app/11.2.0/grid/crs/utl>

咱们能够看到，确实是这样，crsconfig_dirs里面记录全部$GRID_HOME相关目录的权限。crsconfig_fileperms中记录了文件的权限.

一.1.1.1  校验权限

咱们能够经过命令来校验：Validate the <GRID_HOME> by using cluvfy tool.

$ cluvfy comp software -n all -verbose

 

[zfzhlhrdb1:grid]:/home/grid>cluvfy comp software -n all -verbose

 

Verifying software

 

Check: Software

 

  Component: crs                      

 

  Node Name: zfzhlhrdb2               

    /oracle/app/11.2.0/grid/bin/racgeut..."Permissions" did not match reference

        Permissions of file "/oracle/app/11.2.0/grid/bin/racgeut" did not match the expected value. [Expected = "0755" ; Found = "0775"]

    /oracle/app/11.2.0/grid/bin/racgmain..."Permissions" did not match reference

        Permissions of file "/oracle/app/11.2.0/grid/bin/racgmain" did not match th...............................

    /oracle/app/11.2.0/grid/clone/rootpre/ORCLcluster/lib/libskgxnr.a...No such file or directory

 

  1227 files verified                 

 

Software check failed

 

Verification of software was unsuccessful on all the specified nodes.

 

一.1.1.2  解决

 因此要解决这个问题其实并不难，咱们大体能够经过以下几种方法来解决：

1. 根据前面的几个权限配置脚本本身参考进行修改，实际上并不难，直接UE编辑就很快搞定.

2. 根据Mos文档提供的建议经过 $GRID_HOME/crs/install/rootcrs.pl -init 或 roothas.pl -init进行解决. rootcrs.pl –init是在PSU>11.2.0.3.6下执行的，若是PSU<11.2.0.3.6能够执行以下两条命令来实现一样的效果

<GRID_HOME>/crs/install/rootcrs.pl -unlock

<GRID_HOME>/crs/install/rootcrs.pl -patch

 

For 11.2:
For clustered Grid Infrastructure, as root user

# cd <GRID_HOME>/crs/install/
# ./rootcrs.pl -init

For Standalone Grid Infrastructure, as root user

# cd <GRID_HOME>/crs/install/
# ./roothas.pl  -init

For 12c:
For clustered Grid Infrastructure, as root user

# cd <GRID_HOME>/crs/install/
# ./rootcrs.sh -init

For Standalone Grid Infrastructure, as root user

# cd <GRID_HOME>/crs/install/
# ./roothas.sh -init

 

3.采用MOS1515018.1文档提供的脚本在正常库上生成脚本，而后将生成的脚本在异常库上执行从而来修复权限问题（应该和方法2结合使用）。

 

4. 11gR2能够deconfig crs的配置，而后从新跑root.sh便可。从新跑root.sh脚本并不影响数据库，因此无需担忧（我的推荐的一种方式）.

$ORACLE_HOME/crs/install/rootcrs.pl -deconfig -force -verbose

$ORACLE_HOME/root.sh

 

5. 若是是rac的某个节点的误操做，那么还能够经过delete node而后add node来作，不过这个相对麻烦太多了，可是或许是最保险的一种方式。oracle也推荐这样，由于你若是人为修改文件权限，很难保证之后运行过程当中不会出现什么问题。

补充：

Linux环境中还能够经过getfacl和setfacl来进行操做，以下是例子：

1) getfacl   /home/grid/app/11.2/grid  > dir_privs.txt

2) set –restore dir_privs.txt

 

总结：

在安装有GI的环境下，权限、属主是严格被设定的，任何对于它们的错误修改容易引起一系列的问题，并且这些问题每每都很诡异很难按照常规的思路去诊断。万一权限或属主被修改了能够经过rootcrs.pl -init及permission.pl进行修复，rootcrs.pl –init仅修复GI的核心目录，因此其修复速度较快，若是遇到GI没法启动的问题，建议首选这种方法以使GI可以快速启动，但其缺点在于没法全量的进行修复，GI虽然正常了，并不能保证以后的运行过程当中不出现这样那样的问题，这时就须要permission.pl出场了，permission.pl的运行模式决定了源库(权限正确的库)与目标库(权限错误的库)间的软件版本尽量的一致，因此源库必定要选好，不然问题会更糟，另外若是源、目标两个库的安装目录不同还须要对permission*脚本做调整后再执行。

因此我的建议仍是跑root.sh来的稳妥一点。

 

一.1.1.3  MOS 1515018.1  permission.pl脚本的使用

chmod 755 permission.pl

oracle用户获取ORACLE_HOME： ./permission.pl $ORACLE_HOME

root用户获取GRID_HOME： ./permission.pl $ORACLE_HOME

 

Script generates two files
a. permission-<time stamp> - This contains file permission in octal value, owner and group information of the files captured
b. restore-perm-<time stamp>.cmd - This contains command to change the permission, owner, and group of the captured files

 

 

拷贝到目标主机后分别执行：

chmod 755 restore-perm-<timestamp>.cmd

    ./restore-perm-<timestamp>.cmd

 

 

一.1.2  如何修复ASM实例名和节点名不一致的状况

对于10g的状况，咱们能够参考Dave大神的blog：RAC修改ASM实例名的步骤:http://blog.csdn.net/tianlesoftware/article/details/6275827

对于11g的状况，咱们只能从新执行root.sh脚原本修复这个问题。

 

 

一.1.3  如何完全清除CRS信息

[ZFTPCCDB1:root]:/>$ORACLE_HOME/crs/install/rootcrs.pl -h

Unknown option: h

Usage:

      rootcrs.pl [-verbose] [-upgrade [-force] | -patch]

                 [-paramfile <parameter-file>]

                 [-deconfig [-deinstall] [-keepdg] | -downgrade] [-force] [-lastnode]

                 [-downgrade] [-oldcrshome <old crshome path>] [-version <old crs version>]  

                 [-unlock [-crshome <path to crs home>] [-nocrsstop]]

 

      Options:

       -verbose    Run this script in verbose mode

       -upgrade    Oracle HA is being upgraded from previous version

       -patch      Oracle HA is being upgraded to a patch version

       -paramfile  Complete path of file specifying HA parameter values

       -lastnode   Force the node this is executing on to be considered the

                   last node of the install and perform actions associated

                   with configuring the last node

       -downgrade  Downgrade the clusterware

       -version    For use with downgrade; special handling is required if

                   downgrading to 9i. This is the old crs version in the format

                   A.B.C.D.E (e.g 11.1.0.6.0).

       -deconfig   Remove Oracle Clusterware to allow it to be uninstalled or reinstalled.

       -force      Force the execution of steps in delete that cannot be verified

                   to be safe

       -deinstall  Reset the permissions on CRS home during de-configuration

       -keepdg     Keep existing diskgroups during de-configuration

       -unlock     Unlock CRS home

       -crshome    Complete path of crs home. Use with unlock option.

       -oldcrshome For use with downgrade. Complete path of the old crs home.

       -nocrsstop  used with unlock option to reset permissions on an inactive grid home

 

      If neither -upgrade nor -patch is supplied, a new install is performed

 

      To see the full manpage for this program, execute:

        perldoc rootcrs.pl

 

[ZFTPCCDB1:root]:/>

 

根据MOSHow to Proceed from Failed 11gR2 Grid Infrastructure (CRS) Installation (文档 ID 942166.1) 文档，若要从新执行root.sh脚本，咱们能够以下操做：

在除最后一个节点外的全部节点执行：$ORACLE_HOME/crs/install/rootcrs.pl -deconfig -force -verbose

在最后一个节点执行：$ORACLE_HOME/crs/install/rootcrs.pl -deconfig -force -verbose -lastnode

重启OS后再执行：$ORACLE_HOME/root.sh

须要注意的一点是，咱们在执行完$ORACLE_HOME/crs/install/rootcrs.pl -deconfig -force -verbose执成以后须要删除以下的文件：

ls -l $ORACLE_BASE/Clusterware/ckptGridHA*

find $ORACLE_HOME/gpnp/* -type f

find $ORACLE_HOME/gpnp/* -type f -exec rm -rf {} \;

 

其中（find $ORACLE_HOME/gpnp/* -type f）中的文件删除后，咱们在从新执行root.sh的时候才会有以下的提示：

root wallet

root wallet cert

root cert export

peer wallet

profile reader wallet

pa wallet

peer wallet keys

pa wallet keys

peer cert request

pa cert request

peer cert

pa cert

peer root cert TP

profile reader root cert TP

pa root cert TP

peer pa cert TP

pa peer cert TP

profile reader pa cert TP

profile reader peer cert TP

peer user cert

pa user cert

About Me

..........................................................................................................................................................................................................

本文做者：小麦苗，只专一于数据库的技术，更注重技术的运用

本文在ITpub（http://blog.itpub.net/26736162）和博客园(http://www.cnblogs.com/lhrbest)有同步更新

本文地址：http://blog.itpub.net/26736162/viewspace-2121470/

本文pdf版：http://yunpan.cn/cdEQedhCs2kFz （提取码：ed9b） 

小麦苗分享的其它资料：http://blog.itpub.net/26736162/viewspace-1624453/

联系我请加QQ好友(642808185)，注明添加原因

于 2016-06-24 10:00~ 2016-07-04 19:00 在中行完成

【版权全部，文章容许转载，但须以连接方式注明源地址，不然追究法律责任】

..........................................................................................................................................................................................................

 

拿起手机扫描下边的图片来关注小麦苗的微信公众号：xiaomaimiaolhr,学习最实用的数据库技术。

本文分享自微信公众号 - DB宝（lhrdba）。
若有侵权，请联系 support@oschina.cn 删除。
本文参与“OSC源创计划”，欢迎正在阅读的你也加入，一块儿分享。