How to recreate shared ASM password file in 12c GI cluster (Doc ID 1929673.1)
APPLIES TO:
Oracle Database Cloud Schema Service - Version N/A and later
Oracle Database Exadata Cloud Machine - Version N/A and later
Oracle Cloud Infrastructure - Database Service - Version N/A and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Oracle Database Backup Service - Version N/A and later
Information in this document applies to any platform.
GOAL
This note provides the steps to recreate the shared ASM password file in 12c Flex ASM.
SOLUTION
1. Backup the password file
ASMCMD> pwcopy +DATA/orapwASM /tmp/asm.pwd
copying +DATA/orapwASM -> /tmp/asm.pwd
2. In case of issue with password file, we can restore it as below
ASMCMD> pwcopy --asm /tmp/asm.pwd +DATA/orapwASM -f
copying /tmp/asm.pwd -> +DATA/orapwASM
ASMCMD> ls -l
Type Redund Striped Time Sys Name
N ASM/
N _mgmtdb/
Y cehaovm-cluster/
PASSWORD UNPROT COARSE SEP 19 09:00:00 N orapwasm => +DATA/ASM/PASSWORD/pwdasm.257.955101541
For 12c R1
Step 1: Create ASM password file with sys and asmsnmp user
ASMCMD> orapwusr --grant sysasm sys
ASMCMD> orapwusr --add asmsnmp
Enter password: ********
ASMCMD> orapwusr --grant sysdba asmsnmp
If "pwcreate" fails with ORA-15005, delete the existing password file first:
Step 2: Find out user name and password for CRSD to connect
$ crsctl query credmaint -path ASM/Self -credtype userpass
Path Credtype ID Attrs
/ASM/Self/c6d161f1b2106fd6ff51c756aa846819userpass 0 create_time=2014-09-16 00:05:52, modify_time=2014-09-16 00:05:52, expiration_time=NEVER,bootstrap=FALSE
Note: First column "path" in the output will be used in the next two commands
$ crsctl get credmaint -path /ASM/Self/c6d161f1b2106fd6ff51c756aa846819 -credtype userpass -id 0 -attr user -local
crsuser__asm_001 ====>> this is the user name
$ crsctl get credmaint -path /ASM/Self/c6d161f1b2106fd6ff51c756aa846819 -credtype userpass -id 0 -attr passwd -local
hKcb3TMBj3y3Im7Mx2Uifvx8LZ8PP ====>> this is the password
Step 3: Create the user for CRSD to connect
Enter password: *****************************
ASMCMD> orapwusr --grant sysdba crsuser__asm_001
ASMCMD> orapwusr --grant sysasm crsuser__asm_001
NOTE: Type the password received from Step 2, Copy and Paste may cause issues in restart of CRS
Step 4: Confirm list of users
Username sysdba sysoper sysasm
SYS TRUE TRUE TRUE
CRSUSER__ASM_001 TRUE FALSE TRUE
ASMSNMP TRUE FALSE FALSE
If the procedure isn't followed, after recreating ASM password file, on non-local node, ora.crsd will not start as ora.storage resource fails with the following errors in <ADR_HOME>/crs/<node>/crs/trace/ohasd_orarootagent_root.trc
.
2014-09-09 00:04:34.060702*:kgfn.c@6286: kgfnConnect2Int: OCISessionBegin failed
2014-09-09 00:04:34.060702*:kgfn.c@1606: kgfnRecordErrPriv: status=-1 at kgfn.c:6370
2014-09-09 00:04:34.060702*:kgfn.c@1652: kgfnRecordErrPriv: 1017 error=ORA-01017: invalid username/password; logon denied
OR
2014-09-24 22:11:41.799924*:kgfn.c@6200: kgfnConnect2Int: OCISessionBegin failed
2014-09-24 22:11:41.799924*:kgfn.c@1602: kgfnRecordErrPriv: status=-1 at kgfn.c:6284
2014-09-24 22:11:41.799924*:kgfn.c@1648: kgfnRecordErrPriv: 1031 error=ORA-01031: insufficient privileges
NOTE:As per Bug 25847218 the above procedure is only applicable to Flex-ASM Configurations.
For 12c R2
Step 1: Create ASM password file with sys and asmsnmp user
Username sysdba sysoper sysasm
SYS TRUE TRUE TRUE
CRSUSER__ASM_001 TRUE FALSE TRUE
ASMSNMP TRUE FALSE FALSE
$ asmcmd pwget --asm
+DATA/orapwASM
ASMCMD> pwcopy +DATA/orapwASM /tmp/asm.pwd
copying +DATA/orapwASM -> /tmp/asm.pwd
ASMCMD> pwcreate --asm +DATA/orapwASMnew 'welcome@1' -f
ASMCMD> pwget --asm
+DATA/orapwasmnew
ASMCMD> lspwusr
Username sysdba sysoper sysasm
SYS TRUE TRUE FALSE
ASMCMD> orapwusr --grant sysasm SYS
ASMCMD> orapwusr --add ASMSNMP
Enter password: *********<<<<<<<<<<<<<<<<<<<<<welcome@1
ASMCMD> orapwusr --grant sysdba ASMSNMP
ASMCMD> lspwusr
Username sysdba sysoper sysasm
SYS TRUE TRUE TRUE
ASMSNMP TRUE FALSE FALSE
Step 2: Find out user name and password for CRSD to connect, starting from 12.2 "query credmaint" will not work as per design
Path Credtype ID Attrs
credmaint is an internal option and therefore undocumented. It is used by internal scripts in configuring various services.
Dump the OCR contents as below
$ $GRID_HOME/bin/ocrdump /tmp/ocr.dmp
PROT-310: Not all keys were dumped due to permissions.
$ vi /tmp/ocr.dmp
--Search for below
SYSTEM.ASM.CREDENTIALS.USERS.CRSUSER__ASM_001]
ORATEXT : 3889b62c95b64f9bffae7aa8eaa6001d:oracle<<<<<<<<<<<<<<<<<<<<<<This is our credential to retrieve the password
SECURITY : {USER_PERMISSION : PROCR_ALL_ACCESS, GROUP_PERMISSION : PROCR_READ, OTHER_PERMISSION : PROCR_NONE, USER_NAME : oracle, GROUP_NAME : oinstall}
$ crsctl get credmaint -path /ASM/Self/3889b62c95b64f9bffae7aa8eaa6001d -credtype userpass -id 0 -attr user -local
CRSUSER__ASM_001
$ crsctl get credmaint -path /ASM/Self/3889b62c95b64f9bffae7aa8eaa6001d -credtype userpass -id 0 -attr passwd -local
VWadlWRmYlAc9hfKGuVslNz4XANSl<<<<<<<<<This is the password
Step 3: Create the user for CRSD to connect
Enter password: *****************************<<<<<<<<Password taken from Step 2
ASMCMD> lspwusr
Username sysdba sysoper sysasm
SYS TRUE TRUE TRUE
ASMSNMP TRUE FALSE FALSE
CRSUSER__ASM_001 FALSE FALSE FALSE
ASMCMD> orapwusr --grant sysdba CRSUSER__ASM_001
ASMCMD> orapwusr --grant sysasm CRSUSER__ASM_001
ASMCMD> lspwusr
Username sysdba sysoper sysasm
SYS TRUE TRUE TRUE
ASMSNMP TRUE FALSE FALSE
CRSUSER__ASM_001 TRUE FALSE TRUE
[oracle@cehaovmsp1003 ~]$ srvctl config asm
ASM home: <CRS home>
Password file: +DATA/orapwasmnew
Backup of Password file:
ASM listener: LISTENER
ASM instance count: 3
Cluster ASM listener: ASMNET1LSNR_ASM