How to recreate shared ASM password file in 12c GI cluster (Doc ID 1929673.1)

Time: 2021-11-23 21:32:21

APPLIES TO:

Oracle Database Cloud Schema Service - Version N/A and later
Oracle Database Exadata Cloud Machine - Version N/A and later
Oracle Cloud Infrastructure - Database Service - Version N/A and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Oracle Database Backup Service - Version N/A and later
Information in this document applies to any platform.

GOAL

This note provides the steps to recreate the shared ASM password file in 12c Flex ASM.

SOLUTION

 

As a best practice, back up the ASM password file. If there is any issue with the disk group that stores the password file, it can then be restored easily, as shown below.

1. Backup the password file

ASMCMD> pwcopy +DATA/orapwASM /tmp/asm.pwd
copying +DATA/orapwASM -> /tmp/asm.pwd

2. In case of an issue with the password file, restore it as below

ASMCMD> pwcopy --asm /tmp/asm.pwd +DATA/orapwASM -f
copying /tmp/asm.pwd -> +DATA/orapwASM
ASMCMD> ls -l
Type Redund Striped Time Sys Name
N ASM/
N _mgmtdb/
Y cehaovm-cluster/
PASSWORD UNPROT COARSE SEP 19 09:00:00 N orapwasm => +DATA/ASM/PASSWORD/pwdasm.257.955101541

 

For 12c R1

Step 1: Create ASM password file with sys and asmsnmp user

ASMCMD> pwcreate --asm <+OCR-DG>/orapwASM <sys-password>
ASMCMD> orapwusr --grant sysasm sys
ASMCMD> orapwusr --add asmsnmp 
Enter password: ********
ASMCMD> orapwusr --grant sysdba asmsnmp

If "pwcreate" fails with ORA-15005, delete the existing password file first:

ASMCMD> rm <DGOCR>/orapwASM

 

Step 2: Find out user name and password for CRSD to connect

$ crsctl query credmaint -path ASM/Self -credtype userpass 
Path Credtype ID Attrs

/ASM/Self/c6d161f1b2106fd6ff51c756aa846819userpass 0 create_time=2014-09-16 00:05:52, modify_time=2014-09-16 00:05:52, expiration_time=NEVER,bootstrap=FALSE 

Note: First column "path" in the output will be used in the next two commands

$ crsctl get credmaint -path /ASM/Self/c6d161f1b2106fd6ff51c756aa846819 -credtype userpass -id 0 -attr user -local
crsuser__asm_001                     ====>> this is the user name

$ crsctl get credmaint -path /ASM/Self/c6d161f1b2106fd6ff51c756aa846819 -credtype userpass -id 0 -attr passwd -local
hKcb3TMBj3y3Im7Mx2Uifvx8LZ8PP              ====>> this is the password


Step 3: Create the user for CRSD to connect

ASMCMD> orapwusr --add crsuser__asm_001
Enter password: *****************************
ASMCMD> orapwusr --grant sysdba crsuser__asm_001
ASMCMD> orapwusr --grant sysasm crsuser__asm_001

NOTE: Type the password obtained in Step 2 by hand; copy and paste may cause issues when CRS restarts.


Step 4: Confirm list of users

ASMCMD> lspwusr
Username sysdba sysoper sysasm
SYS TRUE TRUE TRUE
CRSUSER__ASM_001 TRUE FALSE TRUE
ASMSNMP TRUE FALSE FALSE

 

If this procedure is not followed after recreating the ASM password file, ora.crsd will not start on the non-local node, because the ora.storage resource fails with the following errors in <ADR_HOME>/crs/<node>/crs/trace/ohasd_orarootagent_root.trc:

2014-09-09 00:04:34.060702*:kgfn.c@6286: kgfnConnect2Int: OCISessionBegin failed 
2014-09-09 00:04:34.060702*:kgfn.c@1606: kgfnRecordErrPriv: status=-1 at kgfn.c:6370 
2014-09-09 00:04:34.060702*:kgfn.c@1652: kgfnRecordErrPriv: 1017 error=ORA-01017: invalid username/password; logon denied

OR

2014-09-24 22:11:41.799924*:kgfn.c@6200: kgfnConnect2Int: OCISessionBegin failed
2014-09-24 22:11:41.799924*:kgfn.c@1602: kgfnRecordErrPriv: status=-1 at kgfn.c:6284
2014-09-24 22:11:41.799924*:kgfn.c@1648: kgfnRecordErrPriv: 1031 error=ORA-01031: insufficient privileges

NOTE: As per Bug 25847218, the above procedure is only applicable to Flex-ASM configurations.
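
The two failure signatures shown above can be looked for in the agent trace after CRS is restarted. The following is an added example, not part of the Oracle note: the function name scan_kgfn_trace, its optional SINCE argument and the hint texts are assumptions of this example (the hints are a reading of the ORA message texts against Steps 2 to 4).

```shell
#!/usr/bin/env bash
# Added example: summarise kgfn logon failures from ohasd_orarootagent_root.trc.
# Usage: scan_kgfn_trace [SINCE] < trace     (SINCE = "YYYY-MM-DD HH:MM:SS")
# Entries older than SINCE are skipped, so errors logged before the password
# file was rebuilt are not mistaken for a failure of the rebuilt file.
scan_kgfn_trace() {
  awk -v since="${1:-}" '
    /kgfnRecordErrPriv:.*error=ORA-[0-9]+/ {
      ts = $1 " " substr($2, 1, 8)              # date and HH:MM:SS
      if (since != "" && ts < since) next       # string compare works for this format
      match($0, /ORA-[0-9]+/)
      code = substr($0, RSTART, RLENGTH)
      count[code]++
      last[code] = ts
    }
    END {
      # Hints are an interpretation added by this example, not Oracle wording.
      hint["ORA-01017"] = "CRSD user absent or password differs from credmaint value"
      hint["ORA-01031"] = "CRSD user lacks sysdba/sysasm grant"
      n = split("ORA-01017 ORA-01031", codes, " ")
      for (i = 1; i <= n; i++) {
        c = codes[i]
        if (count[c] > 0)
          printf "%s count=%d last=\"%s\" hint=\"%s\"\n", c, count[c], last[c], hint[c]
      }
    }'
}

# Trace lines copied from the note (both variants).
sample_trace='2014-09-09 00:04:34.060702*:kgfn.c@6286: kgfnConnect2Int: OCISessionBegin failed
2014-09-09 00:04:34.060702*:kgfn.c@1606: kgfnRecordErrPriv: status=-1 at kgfn.c:6370
2014-09-09 00:04:34.060702*:kgfn.c@1652: kgfnRecordErrPriv: 1017 error=ORA-01017: invalid username/password; logon denied
2014-09-24 22:11:41.799924*:kgfn.c@6200: kgfnConnect2Int: OCISessionBegin failed
2014-09-24 22:11:41.799924*:kgfn.c@1648: kgfnRecordErrPriv: 1031 error=ORA-01031: insufficient privileges'

printf '%s\n' "$sample_trace" | scan_kgfn_trace
```

On a cluster node the trace file itself is passed on stdin, with SINCE set to the time the password file was recreated.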

 

For 12c R2

Step 1: Create ASM password file with sys and asmsnmp user

 

$ asmcmd lspwusr
Username sysdba sysoper sysasm
SYS TRUE TRUE TRUE
CRSUSER__ASM_001 TRUE FALSE TRUE
ASMSNMP TRUE FALSE FALSE

$ asmcmd pwget --asm
+DATA/orapwASM

ASMCMD> pwcopy +DATA/orapwASM /tmp/asm.pwd
copying +DATA/orapwASM -> /tmp/asm.pwd

ASMCMD> pwcreate --asm +DATA/orapwASMnew 'welcome@1' -f
ASMCMD> pwget --asm
+DATA/orapwasmnew
ASMCMD> lspwusr
Username sysdba sysoper sysasm
SYS TRUE TRUE FALSE
ASMCMD> orapwusr --grant sysasm SYS
ASMCMD> orapwusr --add ASMSNMP
Enter password: *********          <<<< welcome@1
ASMCMD> orapwusr --grant sysdba ASMSNMP
ASMCMD> lspwusr
Username sysdba sysoper sysasm
SYS TRUE TRUE TRUE
ASMSNMP TRUE FALSE FALSE

Step 2: Find out user name and password for CRSD to connect

Starting from 12.2, "query credmaint" will not work, as per design:

$ crsctl query credmaint -path ASM/Self
Path Credtype ID Attrs

credmaint is an internal option and therefore undocumented. It is used by internal scripts in configuring various services.

Dump the OCR contents as below

$ $GRID_HOME/bin/ocrdump /tmp/ocr.dmp
PROT-310: Not all keys were dumped due to permissions.
$ vi /tmp/ocr.dmp

-- Search for the entry below
[SYSTEM.ASM.CREDENTIALS.USERS.CRSUSER__ASM_001]
ORATEXT : 3889b62c95b64f9bffae7aa8eaa6001d:oracle          <<<< This is our credential to retrieve the password
SECURITY : {USER_PERMISSION : PROCR_ALL_ACCESS, GROUP_PERMISSION : PROCR_READ, OTHER_PERMISSION : PROCR_NONE, USER_NAME : oracle, GROUP_NAME : oinstall}

$ crsctl get credmaint -path /ASM/Self/3889b62c95b64f9bffae7aa8eaa6001d -credtype userpass -id 0 -attr user -local
CRSUSER__ASM_001

$ crsctl get credmaint -path /ASM/Self/3889b62c95b64f9bffae7aa8eaa6001d -credtype userpass -id 0 -attr passwd -local
VWadlWRmYlAc9hfKGuVslNz4XANSl          <<<< This is the password

Step 3: Create the user for CRSD to connect

 

ASMCMD> orapwusr --add CRSUSER__ASM_001
Enter password: *****************************          <<<< Password taken from Step 2
ASMCMD> lspwusr
Username sysdba sysoper sysasm
SYS TRUE TRUE TRUE
ASMSNMP TRUE FALSE FALSE
CRSUSER__ASM_001 FALSE FALSE FALSE
ASMCMD> orapwusr --grant sysdba CRSUSER__ASM_001
ASMCMD> orapwusr --grant sysasm CRSUSER__ASM_001
ASMCMD> lspwusr
Username sysdba sysoper sysasm
SYS TRUE TRUE TRUE
ASMSNMP TRUE FALSE FALSE
CRSUSER__ASM_001 TRUE FALSE TRUE

[oracle@cehaovmsp1003 ~]$ srvctl config asm
ASM home: <CRS home>
Password file: +DATA/orapwasmnew
Backup of Password file:
ASM listener: LISTENER
ASM instance count: 3
Cluster ASM listener: ASMNET1LSNR_ASM
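
The "Confirm list of users" check (Step 4 for 12c R1, and the final lspwusr in Step 3 for 12c R2) can be scripted rather than read by eye. The following is an added example, not part of the Oracle note: the function name check_lspwusr is an assumption, and the required privileges are taken from the final lspwusr listings shown in this note.

```shell
#!/usr/bin/env bash
# Added example: compare `asmcmd lspwusr` output with the privilege matrix the
# note ends with. The CRS user name is an argument because it is cluster
# specific (the clusters in the note use CRSUSER__ASM_001).
# Reads lspwusr output on stdin, prints one line per problem, and returns
# non-zero when a required user or privilege is missing.
check_lspwusr() {
  awk -v crs="$(printf '%s' "${1:-CRSUSER__ASM_001}" | tr '[:lower:]' '[:upper:]')" '
    BEGIN {
      # need[user] = privileges that must be TRUE for that user
      need["SYS"]     = "sysdba sysasm"
      need["ASMSNMP"] = "sysdba"
      need[crs]       = "sysdba sysasm"
    }
    NF == 4 && toupper($1) != "USERNAME" {      # data rows only, skip the header
      u = toupper($1)
      seen[u] = 1
      have[u, "sysdba"]  = ($2 == "TRUE")
      have[u, "sysoper"] = ($3 == "TRUE")
      have[u, "sysasm"]  = ($4 == "TRUE")
    }
    END {
      bad = 0
      for (u in need) {
        if (!(u in seen)) { print "MISSING user " u; bad = 1; continue }
        n = split(need[u], p, " ")
        for (i = 1; i <= n; i++)
          if (!have[u, p[i]]) { print "MISSING " p[i] " on " u; bad = 1 }
      }
      exit bad
    }'
}

# Listing copied from 12c R2 Step 3 of the note, before the grants are applied.
before_grants='Username sysdba sysoper sysasm
SYS TRUE TRUE TRUE
ASMSNMP TRUE FALSE FALSE
CRSUSER__ASM_001 FALSE FALSE FALSE'

printf '%s\n' "$before_grants" | check_lspwusr \
  || echo "password file is not ready for CRSD"
```

On a live cluster the input comes from `asmcmd lspwusr | check_lspwusr <crs-user>`, run before CRS is restarted.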