Oracle Database Blog: Experiments & Learnings

August 29, 2011

11gR2 ASM password File in RAC

Filed under: Oracle RDBMS — Saurabh Manroy @ 11:15 pm

Pre 11gR2, each node in the cluster had ASM password file named as orapw<SID> .Starting 11gR2, password file in a RAC cluster is named using the format orapw<+’_asmsid’> .  “_asmsid” is an underscore parameter that defines default SID/Name of ASM instance.

If there are two nodes with +ASM1 running on node 1 and +ASM2 running on node2.

 -- Pre 11gR2 --
Password file on Node1: orapw+ASM1
Password file on Node2: orapw+ASM2
 -- 11gR2 --
Password file on Node1: orapw+ASM
Password file on Node2: orapw+ASM

So on 11gR2, when password is changed for a privileged user on ASM instance of one node in a cluster, it is immediately reflected on all other nodes in the cluster.  But who does it ?  Here is a simple test:

[oracle@node1 ~]$ sqlplus / as sysasm

SQL*Plus: Release 11.2.0.1.0 Production on Mon Aug 29 22:25:44 2011

Copyright (c) 1982, 2009, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Real Application Clusters and Automatic Storage Management options

SQL> select * from v$pwfile_users;

USERNAME                       SYSDB SYSOP SYSAS
------------------------------ ----- ----- -----
SYS                            TRUE  TRUE  TRUE
ASMSNMP                        TRUE  FALSE FALSE

On Node2, lets check who is accessing the file

[root@node2 ~]# while true; do lsof | grep orapw+ASM; done
-- No Output so far--
-- lsof command means: lists open file descriptors.
-- This script will list processes which are currently accessing the file orapw+ASM on node 2

Lets change password on ASM instance on Node 1 and check the output of shell script on Node2

SQL> alter user sys identified by ********;

User altered.

-- On Node 2 --
[root@node2 ~]# while true; do lsof | grep orapw+ASM; done
oracle    4863    oracle   22u      REG       8,16      1536     198556 /u02/app/11.2.0/grid/dbs/orapw+ASM

[root@node2 ~]# ps -ef |grep 4863
oracle    4863     1  0 22:22 ?        00:00:00 asm_ckpt_+ASM2

Another check that can be performed is:

On one of the nodes, suspend the ASM CKPT process.  Then try to execute a password change command (on ASM) from any other node in the cluster and it would hang.

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: