Wednesday, September 17, 2014

No Write Permission on ACFS Mount Point



Last night, I managed to create the ACFS Mount Point after resolving the issue "ACFS-9459: ASVM/ACFS is not supported on this os version". But, after creating the ACFS Mount Point, I'm unable to create or touch any files under this ACFS Mount Point.

Though, I tried to touch a file to create files under this ACFS Mount Point using OS User Oracle and Root, it's failing with the following error:

"touch: cannot touch `x': Permission denied"

Here are the steps I tried and got the error:

The ACFS Mount Point "/oracle/prd"  has been created on Linux 6.5 server using Oracle ASMCA tool, and this "/oracle/prd" mount point has 775 permission.

As Oracle User:

[oracle@Linux01 ~]# df -m|grep -i asm
/dev/asm/oracle_prd-77   35840    148     35693   1% /oracle/prd
[oracle@Linux01 ~]# cd /oracle/prd
[oracle@Linux01 prd]# pwd
/oracle/prd
[oracle@Linux01 prd]# ls -ld /oracle/prd
drwxrwxr-x. 4 oracle dba 4096 Sep 15 19:29 /oracle/prd
[oracle@Linux01 prd]# ls
lost+found
[oracle@Linux01 prd]# touch abc
touch: cannot touch `abc': Permission denied
[oracle@Linux01 prd]#

As Root user:

[root@Linux01 ~]# df -m|grep -i asm
/dev/asm/oracle_prd-77   35840    148     35693   1% /oracle/prd
[root@Linux01 ~]# cd /oracle/prd
[root@Linux01 prd]# pwd
/oracle/prd
[root@Linux01 prd]# ls -ld /oracle/prd
drwxrwxr-x. 4 oracle dba 4096 Sep 15 19:29 /oracle/prd
[root@Linux01 prd]# ls
lost+found
[root@Linux01 prd]# touch abc
touch: cannot touch `abc': Permission denied
[root@Linux01 prd]#

The problem was the SELinux is enabled on the Linux System.

To check, if SELinux is enable/disable on the system, cat the file "/etc/selinux/config"
Note: Used the root login to do the following steps:

[root@Linux01]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Or use the sestatus command to check the status.

[root@geprdb850 prd]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          disabled
Policy version:                 28
Policy from config file:        targeted

Here is how to disable SElinux:

Method 1- Edit "/etc/selinux/config" and set the SELINUX variable to 'disabled'
Method 2- Use the setenforce command to disable on-the-fly

If you go with Method 1, then your changes are permanent but only effective if you reboot the machine.

If you go with Method 2, then your changes are NOT permanent but effective immediately.

Method 1: (Permanent Change)

Take the backup of "/etc/selinux/config" file.

[root@Linux01]# cp /etc/selinux/config /etc/selinux/config.bkp

Then edit "/etc/selinux/config" the file and set the SELinux variable to 'disabled'

[root@Linux01]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Then reboot the server!!

Method 2: (On-the-fly)

[root@Linux01]# getenforce
Enforcing

[root@Linux01]# setenforce
usage:  setenforce [ Enforcing | Permissive | 1 | 0 ]

[root@Linux01 prd]# setenforce 0

[root@Linux01 prd]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          disabled
Policy version:                 28
Policy from config file:        targeted

[root@Linux01]# getenforce
Disabled

After the SELinux is disabled, then creating the files under ACFS Mount Point is succeeded.

Note: The above commands have to be completed by root user and do this under system admin supervision.

Regards,
Sabdar Syed.

http://sabdarsyed.blogspot.com

Tuesday, September 16, 2014

ACFS-9459: ASVM/ACFS is not supported on this os version


After installing the Grid Infrastructure (GI) home on two Node RAC 11gR2 (11.2.0.4) on Linux 6.5 servers, I tried to create the ACFS filesystem using ASMCA tool to have Oracle (RDBMS) Home. But, the option tabs "Volumes" and "ASM Cluster File Systems" in ASMCA toll were disabled, due to this we were unable to create volume and cluster filesystem and got the following error:

"ACFS-9459: ASVM/ACFS is not supported on this os version: '3.8.13-16.2.1.el6uek.x86_64'"

I had checked the "ACFS Support On OS Platforms (Certification Matrix). (Doc ID 1369107.1)" under the section "ACFS 11.2.0.4 Supported Platforms" in Oracle Metalink.For our evnironment, Oracle Linux - Unbreakable Enterprise Kernel, it's defined as a bug and it suggested to apply the opatch "16318126".

After download the suggested Opatch and while installing the opatch, the following errors were encountered:

"The opatch minimum version  check for patch /16318126/custom failed  for
The opatch minimum version  check for patch /16318126/etc failed  for
The opatch minimum version  check for patch /16318126/files failed  for
Opatch version check failed for oracle home  
Opatch version  check failed
update the opatch version for the failed homes and retry"

Initially, I thought that the OPatch version (11.2.0.3.4) is an older version, but the existing OPatch version (11.2.0.3.4) is greater than the required version (11.2.0.3.0) as per the opatch readme.txt file.

Even though, I have downloaded the latest OPatch "Patch 6880880: OPatch patch of version 11.2.0.3.6 for Oracle software releases 11.2.0.x" for Linux x86-64. One good thing was, I could generate the OCM response file (ocm.rsp) using "emocmrsp" file under $GI_HOME/OPatch/ocm/bin. Because, after installing GI_HOME for RAC, there was no "emocmrsp" file under $GI_HOME/OPatch/ocm/bin. The OCM response file (ocm.rsp) was needed to apply the patch in Auto mode.

Well, I got the same error again even after downloading latest OPatch and while applying the patch "16318126":

"Opatch version check failed for oracle home  "

The commands used to apply the OPatch are as follows:

$ cd /
i.e. cd /u01/oracle/patch/16318126

Note: This is where the patch 16318126, recommended in ""ACFS Support On OS Platforms (Certification Matrix). (Doc ID 1369107.1)", was unzipped.

Login as root and executed the below opatch:

# opatch auto /16318126 -oh -ocmrf /OPatch/ocm/bin/ocm.rsp

# opatch auto /u01/oracle/patch/16318126 -oh -ocmrf /OPatch/ocm/bin/ocm.rsp

This is wrong !! and this is why, the error "Opatch version  check failed" was encountered.

The correct wahy of applying the patch is as follows:

Login as root.

Set the opatch path in the $PATH as follows:

# export PATH=$PATH:$ORACLE_HOME/OPatch

# opatch auto -oh -ocmrf /OPatch/ocm/bin/ocm.rsp

i.e.

# opatch auto /u01/oracle/patch -oh -ocmrf /OPatch/ocm/bin/ocm.rsp

Note:
No need to mention the patch number directory i.e "/u01/oracle/patch/16318126", just metion only the directory upto "/u01/oracle/patch/".

And, Make sure under "/u01/oracle/patch" there won't be any other patch directores or files apart from the patch you need to apply i.e. "16318126"

Then the patch was succeded as follows:

===========================
# opatch auto /u01/oracle/patch -oh /u01/oracle/app/11.2.0.4/grid -ocmrf /u01/oracle/app/11.2.0.4/grid/OPatch/ocm/bin/ocm.rsp

Executing /u01/oracle/app/11.2.0.4/grid/perl/bin/perl /u01/oracle/app/11.2.0.4/grid/OPatch/crs/patch11203.pl -patchdir /u01/oracle -patchn patch -oh

/u01/oracle/app/11.2.0.4/grid -ocmrf

/u01/oracle/app/11.2.0.4/grid/OPatch/ocm/bin/ocm.rsp -paramfile /u01/oracle/app/11.2.0.4/grid/crs/install/crsconfig_params

This is the main log file: /u01/oracle/app/11.2.0.4/grid/cfgtoollogs/opatchauto2014-09-15_17-41-14.log

This file will show your detected configuration and all the steps that opatchauto attempted to do on your system:
/u01/oracle/app/11.2.0.4/grid/cfgtoollogs/opatchauto2014-09-15_17-41-14.report.log

2014-09-15 17:41:14: Starting Clusterware Patch Setup
Using configuration parameter file: /u01/oracle/app/11.2.0.4/grid/crs/install/crsconfig_params

Stopping CRS...
Stopped CRS successfully

patch /u01/oracle/patch/16318126  apply successful for home  /u01/oracle/app/11.2.0.4/grid

Starting CRS...
Installing Trace File Analyzer
CRS-4123: Oracle High Availability Services has been started.

opatch auto succeeded.

===========================

Then the same procedure to apply the patch on another node has been repeated. After this, the option tabs "Volumes" and "ASM Cluster File Systems" in ASMCA tool are enabled and the main problem of creating the volume and asm cluster filesystem are solved.

Note: This blog post is specific to one our testing environments, and need not to the same with you. So, please go through the following Oracle Metalink note for your environment.

"ACFS Support On OS Platforms (Certification Matrix). (Doc ID 1369107.1)"

Regards,
Sabdar Syed.
http://sabdarsyed.blogspot.com/