RAC从11.2.0.3升级到11.2.0.4后,一个节点的Public IP、VIP无法连接数据库

SQL> CONN SYS/oracle@192.168.122.101:1521/pplus as sysdba
ERROR:
ORA-12537: TNS:connection closed

查看RAC的监听日志:

# cd $ORACLE_BASE/diag/tnslsnr/racdb2/listener/trace/

# vi listener.log

06-MAY-2019 12:13:52 * (CONNECT_DATA=(SERVICE_NAME=posplus)(CID=(PROGRAM=sqlplus)(HOST=racdb1)(USER=grid))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.122.100)(PORT=40081)) * establish * posplus * 12518
TNS-12518: TNS:listener could not hand off client connection
  TNS-12546: TNS:permission denied
    TNS-12560: TNS:protocol adapter error
     TNS-00516: Permission denied
        Linux Error: 13: Permission denied

首先想到GRID和Database的是oracle文件权限的问题,都有s权限,确认没有问题

[grid@racdb1 ~]$ ll $ORACLE_HOME/bin/oracle

-rwsr-s--x 1 grid oinstall 209914479 Mar 25 23:39 /home/grid/app/11.2.0.4/grid/bin/oracle

[oracle@racdb1 ~]$ ll $ORACLE_HOME/bin/oracle

-rwsr-s--x 1 oracle asmadmin 239626641 Mar 26 01:36 /home/oracle/app/oracle/product/11.2.0.4/db_1/bin/oracle

然后再用GRID用户去访问Database的HOME目录

[grid@racdb1 ~]$ cd $ORACLE_HOME/bin
-bash: cd: $ORACLE_HOME/bin: Permission denied

果然没有权限

[grid@racdb2 ~]$ ll /home/
total 8
drwxr-xr-x. 7 root oinstall 4096 Mar 23 16:43 grid
drwx------. 8 oracle oinstall 4096 May 6 11:45 oracle

把/home/oracle的权限修改为

chmod g+rx,o+rx /home/oracle

[grid@racdb1 ~]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.4.0 Production on Wed May 8 10:41:06 2019

Copyright (c) 1982, 2013, Oracle. All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Real Application Clusters and Automatic Storage Management options

SQL> CONN SYS/oracle@192.168.122.111:1521/posplus as sysdba
Connected.
SQL> CONN SYS/oracle@192.168.122.101:1521/posplus as sysdba
Connected.
SQL> CONN SYS/oracle@192.168.122.110:1521/posplus as sysdba
Connected.
SQL> CONN SYS/oracle@192.168.122.120:1521/posplus as sysdba

至此问题已解决

-------------------------------------------------------------------------------

参考Oracle官方文档:

ORA-12537 / ORA-12547 or TNS-12518 if Listener (including SCAN Listener) and Database are Owned by Different OS User (文档 ID 1069517.1) 转到底部

In this Document

  Symptoms
  Cause
  Solution
  References

APPLIES TO:

Oracle Database - Enterprise Edition - Version 11.2.0.3 and later
Oracle Database Configuration Assistant - Version 11.1.0.7 and later
Oracle Net Services - Version 11.2.0.2 and later
Information in this document applies to any platform.

SYMPTOMS

In environment where listener home (including SCAN listener which resides in GRID Infrastructure/ASM home) and database home are owned by different OS user, ORA-12537 could happen when connecting through listener, when creating database through DBCA, or when installing database software and creating a database in runInstaller. Job Role Separation is a typical example as SCAN and local grid home listener is owned differently than database.

  • Error detail
12537, 00000, "TNS:connection closed"
// *Cause: "End of file" condition has been reached; partner has disconnected.
// *Action: None needed; this is an information message.

Before the error is reported, connection could hang for a while, and a core file may also be generated.

  • Screen output:
SQL> conn system/xxx@OSES
ERROR:
ORA-12537: TNS:connection closed

OR

PRCR-1079 : Failed to start resource ora.db11.db
CRS-5011: Check of resource db11 failed: details at ..
CRS-2674: Start of ora.db11.db on racnode1 failed
ORA-12546: TNS:permission denied

  • listener_scann.log or listener.log
TNS-12518: TNS:listener could not hand off client connection
TNS-12546: TNS:permission denied
 TNS-12560: TNS:protocol adapter error
  TNS-00516: Permission denied
   Linux Error: 13: Permission denied

OR

TNS-12518: TNS:listener could not hand off client connection
TNS-12547: TNS:lost contact
 TNS-12560: TNS:protocol adapter error
  TNS-00517: Lost contact
   Linux Error: 32: Broken pipe

  • runInstaller error if installing
INFO: Starting Output Reader Threads for process /ocw/grid/bin/kfod
INFO: Parsing KFOD-00300: OCI error [-1] [OCI error] [ORA-12547: TNS:lost contact
INFO: Parsing ] [12547]
INFO: Parsing
INFO: The process /ocw/grid/bin/kfod exited with code 1
..
SEVERE: [FATAL] [INS-30502] No ASM disk group found.
   CAUSE: There were no disk groups managed by the ASM instance +ASM1.

CAUSE

1. In environments where the listener is not run in the same ORACLE_HOME where the database resides, the listener owner (including SCAN listener) may not be able to access the oracle binary in the database home.  This is common in RAC or whenever a GRID_HOME and a database ORACLE_HOME are installed.

As listener owner:

$ ls -l $RDBMS_HOME/bin/oracle
ls: /home/oracle/app/oracle/product/11.2/db/bin/oracle: Permission denied

2. Oracle binary in database home has wrong permission:

ls -l $RDBMS_HOME/bin/oracle
-rwxr-x--x 1 oracle asmadmin 184286251 Aug  9 16:25 /home/oracle/app/oracle/product/11.2/db/bin/oracle

The permission "-rwxr-x--x" is wrong as it's missing suid bit, oracle binary should have permission of 6751:

-rwsr-s--x 1 oracle asmadmin 184286251 Aug  9 16:25 /home/oracle/app/oracle/product/11.2/db/bin/oracle

Note: If Job Role Separation is in place, the group will be <asmadmin>, otherwise it will be <oinstall>

3. File System for database home does not support setuid/suid or has nosetuid/nosuid set:

mount| grep <mount_point_of_ORACLE_HOME>
/home/oracle on /dev/dsk/diskoracle read/write/nosuid..

4. RDBMS_HOME/lib has wrong ownership/permission:

As listener owner:

$ ls -l $RDBMS_HOME/lib
ls: /home/oracle/app/oracle/product/11.2/db/lib: Permission denied

5. Another cause may be permissions on the RDBMS Directory structure or Home directory which needs to be accessed by the CRS user.
Check that the RDBMS $ORACLE_HOME is set to 755.
This can be seen from an OS trace such as strace or truss when using it to trace the CRS user running the "oracle" executable which fails with the "Permission denied" error.

Also:

a) Log in as the "GRID" user on each node, and issue the following (on each directory under the RDBMS Home) :-

[grid@orcl002:+ASM2 ~]$ ls -al /home/oracle/app/oracle
ls: cannot open directory /u01/app/oracle: Permission denied

***NOTE: the Oracle directory has 700 for the permissions, which should be changed to 755:

Current (incorrect) -->

[grid@orcl002:+ASM2 ~]$ ll /home/oracle/app
drwx------. 8 oracle oinstall  4096 Oct 12 08:38 oracle

Should be (correct) -->

[grid@orcl002:+ASM2 ~]$ ll /home/oracle/app
drwxr-xr-x. 8 oracle oinstall  4096 Oct 12 08:38 oracle

b) Likewise the /product directory has 700 perms, so change to 755 -->

[grid@orcl002:+ASM2 ~]$ ls -al /home/oracle/app/oracle/product
ls: cannot open directory /u01/app/oracle/product: Permission denied

Current (incorrect) -->

[grid@orcl002:+ASM2 ~]$ ls -al /home/oracle/app/oracle
drwx------.  3 oracle oinstall 4096 Oct  12 08:58 product

Should be (correct) -->

[grid@orcl002:+ASM2 ~]$ ls -al /u01/app/oracle
drwxr-xr-x.  3 oracle oinstall 4096 Oct  12 08:58 product

c) Now a connection should work:

$ sqlplus system/<pwd>@'(description=(address=(protocol=tcp)(host=orcl002)(port=1521))(connect_data=(server=dedicated)(service_name=ORCL)))'

SQL>

SOLUTION

Solution is to make sure file system for database home has setuid/suid set, database binary($RDBMS_HOME/bin/oracle) has correct ownership and permission, and listener owner is able to access database oracle binary (as listener owner, "ls -l $RDBMS_HOME/bin/oracle" will tell)

If its Job Role Separation environment, please refer to the following document:

Oracle® Grid Infrastructure 
Installation Guide
11g Release 2 (11.2)

Oracle ASM Job Role Separation Option with SYSASM

RAC升级后,一个节点无法连接数据库,报ORA-12537: TNS:connection closed的更多相关文章

  1. 启动监听报错:TNS-12537: TNS:connection closed TNS-12560: TNS:protocol adapter error TNS-00507: Connection closed Linux Error: 29: Illegal seek

    启动监听程序报错: 说明:在rhel5.8上安装完成oracle11g数据库后,使用netca创建完监听,启动监听时报错.还未使用dbca创建实例. [oracle@rusky-oracle11g ~ ...

  2. Oracle 11gR2 RAC 数据库不能连接(ORA-12537: TNS:connection closed)的解决

        Oracle 11gR2 RAC 数据库不能连接(ORA-12537: TNS:connection closed)的解决 [oracle@rac01 ~]$ sqlplus /nolog S ...

  3. Oracle 11gR2 RAC 数据库不能连接(ORA-12537: TNS:connection closed)

    Oracle 11gR2 RAC 数据库不能连接(ORA-12537: TNS:connection closed)的解决 [oracle@rac01 ~]$ sqlplus /nolog SQL*P ...

  4. plsql 连接oralce数据库,报ora 12557 tns 协议适配器不可加载错误

    使用plsql 连接oracle 数据库报ora 12557 错误: 解决方案: 1:首先确保服务中的service以及监听器都开启 2:F:\app\Administrator\product\11 ...

  5. Mac 升级后idea执行git命令报错xcrun: error: invalid active developer path的解决办法

    报错 xcrun: error: invalid active developer path (/Library/Developer/CommandLineTools), missing xcrun ...

  6. 关于MAC升级后,vim更新插件报错

    找不到路径: 直接在终端 terminal 输入: xcode-select --install

  7. 监听报错 TNS-00525: Insufficient privilege for operation 11gR2 + 连接报错ORA-12537: TNS:connection closed

    1.TNS-00525: Insufficient privilege for operation Started with pid= Listening on: (DESCRIPTION=(ADDR ...

  8. 单向链表在O(1)时间内删除一个节点

    说删链表节点,第一时间想到就是遍历整个链表,找到删除节点的前驱,改变节点指向,删除节点,但是,这样删除单链表的某一节点,时间复杂度就是O(n),不符合要求: 时间复杂度是O(n)的做法就不说了,看看O ...

  9. rac 11g_第二个节点重启后无法启动实例:磁盘组dismount问题

    原创作品,出自 "深蓝的blog" 博客,欢迎转载,转载时请务必注明以下出处,否则追究版权法律责任. 深蓝的blog:http://blog.csdn.net/huangyanlo ...

随机推荐

  1. 你的Mac还安全吗

    MacOS 系统重大安全漏洞:不用密码我也可以玩你的 Macbook Wi-Fi 网络安全保护机制被攻破.Android 泄漏终端设备的用户声音和屏幕活动.iOS 出 bug,Office更是漏洞不断 ...

  2. 接口测试“八重天”---RestAssured

    要记住每一个对你好的人,因为他们本可以不那么做. ---久节奏,慢读书 一.什么是RestAssured 偶然在逛帖子的时候发现一个接口测试框架,觉得不错,学习学习. 官方地址:http://rest ...

  3. ansible之yum模块

    > YUM (/usr/lib/python2.7/site-packages/ansible/modules/packaging/os/yum.py) Installs, upgrade, d ...

  4. sublime设置代码缩进

    打开sublime的首选项(Preferences)下的设置-用户(Setting-User) ,配置如下代码 , "translate_tabs_to_spaces": true ...

  5. Pushing Boxes(广度优先搜索)

    题目传送门 首先说明我这个代码和lyd的有点不同:可能更加复杂 既然要求以箱子步数为第一关键字,人的步数为第二关键字,那么我们可以想先找到箱子的最短路径.但单单找到箱子的最短路肯定不行啊,因为有时候不 ...

  6. 运行 npm run lint -- --fix,提示:error Use the global form of 'use strict'

    运行 npm run lint -- --fix,提示:error Use the global form of 'use strict',使用说明网址:https://eslint.org/docs ...

  7. nginx常用运维日志分析命令

    nginx常用日志分析命令 运维人员必备 常用日志分析命令 1.总请求数 wc -l access.log |awk '{print $1}' 2.独立IP数 awk '{print $1}' acc ...

  8. python 查询文件存放地址

    import os, time import sys import re def search(path,name): for root, dirs, files in os.walk(path): ...

  9. Predicate Format String Syntax 与字面量

    字面量: 字符串:单引号或双引号扩起来: %@:系统自动添加,数字则自动去除@(): 无单双引号,系统做数字处理. Single or double quoting variables (or sub ...

  10. PHP:ThinkCMFX任意文件包含漏洞

    前言:最近爆出来的漏洞,ThinkCmfX版本应该是通杀的,基于3.X Thinkphp开发的 代码下载地址:https://gitee.com/thinkcmf/ThinkCMFX/releases ...