Tuesday, July 21, 2015

ASM password FILE

Pre 11gR2, each node in the cluster had ASM password file named as orapw<SID> .Starting 11gR2, password file in a RAC cluster is named using the format orapw<+’_asmsid’> .  “_asmsid” is an underscore parameter that defines default SID/Name of ASM instance.
If there are two nodes with +ASM1 running on node 1 and +ASM2 running on node2.
Pre 11gR2 --
Password file on Node1: orapw+ASM1
Password file on Node2: orapw+ASM2

11gR2 --
Password file on Node1: orapw+ASM
Password file on Node2: orapw+ASM
So on 11gR2, when password is changed for a privileged user on ASM instance of one node in a cluster, it is immediately reflected on all other nodes in the cluster.  But who does it ?  Here is a simple test:
[oracle@node1 ~]$ sqlplus / as sysasm

SQL*Plus: Release 11.2.0.1.0 Production on Mon Aug 29 22:25:44 2011

Copyright (c) 1982, 2009, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Real Application Clusters and Automatic Storage Management options

SQL> select * from v$pwfile_users;

USERNAME                       SYSDB SYSOP SYSAS
------------------------------ ----- ----- -----
SYS                            TRUE  TRUE  TRUE
ASMSNMP                        TRUE  FALSE FALSE
On Node2, lets check who is accessing the file
[root@node2 ~]# while true; do lsof | grep orapw+ASM; done
-- No Output so far--
-- lsof command means: lists open file descriptors.
-- This script will list processes which are currently accessing the file
orapw+ASM on node 2
Lets change password on ASM instance on Node 1 and check the output of shell script on Node2
SQL> alter user sys identified by ********;

User altered.

-- On Node 2 --
[root@node2 ~]# while true; do lsof | grep orapw+ASM; done
oracle    4863    oracle   22u      REG       8,16      1536     198556
/u02/app/11.2.0/grid/dbs/orapw+ASM

[root@node2 ~]# ps -ef |grep 4863
oracle    4863     1  0 22:22 ?        00:00:00 asm_ckpt_+ASM2
Another check that can be performed is:
On one of the nodes, suspend the ASM CKPT process.  Then try to execute a password change command (on ASM) from any other node in the cluster and it would hang.


Posted by at
Labels:

No comments:

Post a Comment

Share your knowledge it really improves, don't show off...

Subscribe to: Post Comments (Atom)