This appendix includes the information required to run and maintain the Oracle Real Application Clusters (Oracle RAC) Configuration Audit Tool (RACcheck). The tool is designed to audit various important configuration settings within an Oracle RAC system.
Note:if you have not upgraded to Oracle Database 11g release 2 (184.108.40.206), which includes RACcheck, or to get the latest version of RACcheck (to which Oracle adds checks every three months), then you can download RACcheck from the following URL:
This appendix includes the following topics:
Use RACcheck to audit configuration settings within the following categories:
Operating system kernel parameters
Operating system packages and other operating system configuration settings important to Oracle RAC
Oracle Grid Infrastructure
Oracle Automatic Storage Management (Oracle ASM)
Database parameters and other database configuration settings important to Oracle RAC
Upgrade readiness assessment to Oracle Database 11g release 2 (11.2)
You can use RACcheck with Oracle RAC database servers, Oracle RAC databases (10g release 2 (10.2), 11g release 1 (11.1), and 11g release 2 (11.2)), Oracle Grid Infrastructure, hardware, and operating system and Oracle RAC software. You can also use RACcheck with nonclustered Oracle Databases (10g release 2 (10.2), 11g release 1 (11.1), and 11g release 2 (11.2)), Oracle Restart systems, and Oracle Real Application Clusters One Node configurations.
You can use RACcheck on the following platforms:
Intel LinuxFoot 1 (Enterprise Linux, RedHat and SuSE 9,10, 11)
Oracle Solaris SPARC (Solaris 10 and 11)
Oracle Solaris x86-64 (Solaris 10 and 11)
IBM AIXFoot 2
Other RACcheck features include:
RACcheck is nonintrusive and does not change anything in the environment, except as follows:
SSH user equivalence for the Oracle Database software owner is assumed to be configured among all the database servers being audited so that RACcheck can run commands on remote database server nodes. If RACcheck determines that SSH user equivalence is not configured, then the tool gives you the option to set up user equivalence either temporarily or permanently. If you choose to set up SSH user equivalence temporarily, then, at the end of the session, RACcheck removes the keys to restore the system to its original SSH user equivalence state. If you want to configure SSH user equivalence outside of RACcheck (if it is not already configured), then consult My Oracle Support note 372795.1 at the following URL:
Note:SSH user equivalence is always required for the Oracle Database software installation owner, but is not required for Oracle Grid Infrastructure configurations.
RACcheck creates a number of small output files into which the data necessary to perform the assessment is collected.
RACcheck creates and executes some scripts dynamically in order to accomplish some of the data collection.
RACcheck deletes any temporary files that are created and not needed as part of the collection.
RACcheck interrogates the system to determine the status of the Oracle stack components (specifically, Oracle Grid Infrastructure, Oracle Database, Oracle RAC, and so on) and whether they are installed and whether they are running. Depending upon the status of each component, RACcheck runs the appropriate collections and audit checks.
See Also:Troubleshooting if, because of local environmental configuration, RACcheck is unable to properly determine the necessary environmental information
RACcheck automatically runs a process in the background to monitor command execution progress. If, for any reason, one of the commands run by RACcheck should hang or take longer to run than anticipated, then this monitor process stops the command after a configurable amount of time, so that RACcheck can continue to run. If that happens, then RACcheck skips the collection or command that was hung and a notation is made in the log.
See Also:"Runtime Command Timeouts" to adjust the
RAT_ROOT_TIMEOUTparameters if the default timeout duration is too short
If the RACcheck driver files are older than 90 days, then the driver files are considered to be stale and you will be notified of a stale driver file.
When RACcheck completes the collection and analysis, it produces a detailed HTML formatted report that contains benefit, impact, risk, and action and repair information. The report may also reference publicly available documents with additional information about the problem and its resolution. RACcheck also produces a compressed output file. This output file can be provided to My Oracle Support for further analysis, if necessary.
The results of the audit checks can be optionally uploaded into database tables for reporting purposes.
In some cases, you may want to stage RACcheck on a shared file system, so that various systems can access it, while still being maintained in a single location, rather than copying to each cluster on which it may be used. The default behavior of RACcheck is to create a subdirectory and its output files in the location where the it is staged. If that staging area is a read-only file system or if you would like the output to be created elsewhere, then there is an environment variable that you can use for that purpose. You can configure the
RAT_OUTPUT parameter to any valid writable location.
When using RACcheck, consider the following:
Run RACcheck on Oracle Database servers as the Oracle Database software owner (
RACcheck includes a daemon that enables RACcheck to run noninteractively (in batch or silent mode) at regular intervals.
Oracle recommends that you install and run RACcheck from a local file system on a single database server to provide the best performance.
To maximize its usefulness, run RACcheck when Oracle Grid Infrastructure and at least one database are up and running.
Oracle recommends that you run RACcheck during times of least load on the system.
To avoid possible problems running RACcheck from terminal sessions on a network attached workstation or laptop, consider running the tool using VNC so that, if there is a network interruption, then the tool will continue to run until it is finished.
If RACcheck fails for some reason, then you can run it again from the beginning. RACcheck does not resume from the point of failure.
You can run RACcheck on all nodes, simultaneously. To take advantage of the
root-specific checks while still running the tool in parallel, use the
EXPECT utility installed on the system or configure
sudo for RACcheck to use.
sudo, use the
visudo command to add the following line to the
sudoers file on each of the cluster nodes, replacing
owner with the user that installed the database software:
owner ALL=(root) NOPASSWD:/tmp/root_raccheck.sh
Ensure that permissions for RACcheck are
-rwxr-xr-x). If the permissions are not set appropriately, then run the following command:
$ chmod 755 raccheck
This section includes the following topics:
You can use RACcheck at any time but Oracle recommends that you use RACcheck:
After initially deploying Oracle RAC
Before and after any planned system maintenance
At least once every 90 days
Table D-1 lists and describes options you can use with RACcheck.
Specify this option to perform both best practice and recommended patch checks. This is the default method in which RACcheck runs.
Specify this option to run a best practice check, only.
Specify this option to run a recommended patch check, only.
Specify this option to display the version of RACcheck currently in use.
Specify this option to exclude checks for maximum availability architecture (MAA) scorecard.
The MAA scorecard is the findings related to a set of maximum availability architecture best practices and shows how prepared your system is for various types of failures that can occur in an Oracle RAC environment.
RACcheck shows the MAA scorecard, because Oracle considers MAA to be an important concept and set of features. However, it is most helpful when you have implemented Oracle Data Guard standby databases.
Use this option to run RACcheck to check pre-upgrade or post-upgrade best practices. You must use
$ raccheck -u -o pre
Use this option to add an argument to an option. Arguments include:
Use this option to perform checks offline on data already collected from the system.
Use this option to enter a comma-delimited list of node names on which to run RACcheck.
RACcheck requires this option only when you want to run the tool on subset of cluster nodes, or when RACcheck fails to retrieve cluster node information from the environment using
Use this option to run RACcheck only on the local node.
Use this option to omit checks from the HTML report that have passed.
-diff report_1 report_2 [-outfile output_HTML]
Use this option along with two RACcheck reports, in the form of a directory name, a zip file, or an HTML report, to compare them to each other. Optionally, you can use the
Note: To limit security vulnerabilities, Oracle recommends that you set the permissions of the output directory as restrictive as possible. The output directory can contain sensitive configuration information and, when no other mechanism is available, temporary data collection files.
See Also: "Comparing Reports with RACcheck" for more information
Use this option to run RACcheck commands only if the RACcheck daemon is running.
Use this option if you do not want to use the RACcheck daemon to run the command.
Use this option with commands to control the RACcheck daemon. Commands include:
-set "parameter_1=value_1 ;parameter_2=value_2..."
Use this option to set the RACcheck configuration parameters listed in "Running RACcheck Using the RACcheck Daemon".
-get parameter | all
Specify this option to obtain the value of a specific RACcheck configuration parameter, or the value of all RACcheck configuration parameters.
Use this option to configure RACcheck to run a specific profile. Supported profiles include:
Use this option to display RACcheck usage
oracle user exists on the system and all the Oracle components are installed or running (including Oracle Clusterware, Oracle Database, and Oracle ASM), then Oracle recommends that you run RACcheck as the
oracle (or Oracle Database software installation owner) user. RACcheck does perform some audit checks that require root privileges, in which case, if
sudo is not configured or the
root password is not available, then you can configure RACcheck to skip these audit checks by selecting option
3 on the
root password menu.
RACcheck can run as
root only if you specify the
sysadmin profile using the
raccheck -profile sysadmin command. In this case, RACcheck skips all database-related best practices but you must set up SSH user equivalence for the
root user among cluster nodes, so RACcheck will not prompt you for the
Note:Typically, when you run RACcheck as
oracle, operating system authentication is already set up for the Oracle Database software owner and RACcheck will not require the database login credentials.
For instructions about configuring SSH user equivalence, go to the following URL:
"Database Login Problems" if you want to run RACcheck as another user, and additional information on how to verify database authentication before running the tool
RACcheck does not store or save any passwords. The handling of
root passwords depends on whether the
expect utility is installed.
expect utility is not installed (which is the default for all platforms, except Oracle Enterprise Linux 5), then the
root password prompts are deferred and you must closely monitor RACcheck as it runs and enter the passwords, as prompted, once for each node of the cluster. Otherwise, RACcheck uses the
expect utility for interactive password automation. You can install the
expect utility on other Linux distributions in order to automate interactive password handling.
When RACcheck finds the
expect utility, the tool gathers the
root passwords at the beginning of the process, and the
expect utility will supply them, when needed, at the
root password prompts for each node, so that RACcheck can continue without further input from you.
RACcheck inquires if the
root password is the same for all database servers of the cluster. If you respond affirmatively (which is the default), then you will be prompted for the
root password once and it will be validated and subsequently used for all nodes in the cluster. If you respond negatively (that the
root password is not the same for all nodes in the cluster), then RACcheck will prompt for and validate the
root password for each individual node in the cluster.
Additionally, when RACcheck finds the
expect utility, when validating the
root passwords, you have three opportunities to type the correct password. If you fail to enter the correct password after three attempts, then RACcheck proceeds to the next node and displays a message stating that the password is still incorrect and that the checks dependent upon data collected from that node will be skipped. At this point, you can either cancel running RACcheck and obtain the correct
root password, or continue with the understanding that important data may be missing from the report.
When RACcheck uses the
expect utility, it is possible that, between the time that the
root passwords are entered and validated and nodes for those passwords are reached, that the passwords could have been changed. In that case, RACcheck displays a message stating that the password must have been changed and that the collections for that node will be skipped, which means the checks for that node will also be skipped. You can either allow RACcheck to continue to completion knowing that data and checks will be skipped or cancel running RACcheck and resolve the problem.
If RACcheck skips any checks for any reason, then the tool reports in the log any checks that were skipped and on which nodes, when it finishes running.
RACcheck prompts you through the auditing process.
Note:The time it takes RACcheck to run varies based on factors such as the number of nodes in a cluster, CPU load, and network latency. Typically, the entire process should only take five minutes, or so, for each node. This is just a general guideline but if it takes substantially more time than that, then there may be some other problem that should be investigated.
This section includes the following topics:
You must first configure SSH user equivalence. For instructions about configuring SSH user equivalence, go to the following URL:
Note:SSH user equivalence is only necessary if your system is running Oracle Grid Infrastructure to support a cluster. This is not required for nonclustered databases or Oracle Restart configurations.
root access to run the
root-specific checks. To facilitate these checks in silent mode, you must configure passwordless
sudo and use the
-s option to run RACcheck.
sudois not allowed within your environment, you can skip this step. In this case, you can still run RACcheck silently without the root-specific checks using the
-Soption. Eliminating the root-specific checks limits the capabilities of RACcheck and Oracle does not recommend this method of running RACcheck.
To run RACcheck silently, you must specify one of the following arguments, depending on your configuration:
-s: Use this option to run RACcheck unattended when the
oracle user can
root without a password
-S: Use this option to run RACcheck unattended without the
root password and make no
root-privileged collections or audits
Note:Oracle recommends that you implement passwordless
/tmp/root_raccheck.shfor full functionality of RACcheck, as described in "RACcheck Usage".
RACcheck runs in silent mode using the information it gathers from Oracle Clusterware. When RACcheck runs in silent mode, it performs data collection and audit checks on all databases running on the local node that are defined as Oracle Clusterware resources.
AUTORUN_INTERVAL: This parameter defines the time interval at which RACcheck runs, specified in days or hours (
d | h). For example:
$ raccheck -set AUTORUN_INTERVAL=1d
The preceding command configures the RACcheck daemon to run every day. If you set this parameter to 0, then the RACcheck daemon will not run automatically. This is the default setting for this parameter.
AUTORUN_FLAGS: This parameter defines how RACcheck runs, using the flags listed in Table D-1. For example:
$ raccheck -set "AUTORUN_INTERVAL=12h;AUTORUN_FLAGS=-profile sysadmin"
The preceding command configures RACcheck to run the
sysadmin profile every 12 hours.
PASSWORD_CHECK_INTERVAL: This parameter defines the frequency (specified in hours) with which the running daemon validates the passwords entered when the daemon starts. If the daemon encounters an invalid password (due to a password change), then the daemon stops running and enters a notification in the daemon log (
raccheck_daemon.log), and also sends an email, if configured to do so. For example:
$ raccheck -set PASSWORD_CHECK_INTERVAL=1
The preceding command validates passwords every hour.
NOTIFICATION_EMAIL: This parameter configures the RACcheck daemon to email notifications to a specific person. For example:
$ raccheck -set NOTIFICATION_EMAILemail@example.com
Note:You can configure more than one parameter in a single command by providing each parameter in a semi-colon delimited list enclosed in double quotation marks (
""). For example, the following command configures the RACcheck daemon to run every day in verbose mode, specifies an email address for daemon notices, and checks for changed passwords hourly:
$ raccheck -set "AUTORUN_INTERVAL=1d;AUTORUN_FLAGS= -o verbose; NOTIFICATION_EMAILfirstname.lastname@example.org;PASSWORD_CHECK_INTERVAL=1"
To obtain the current configuration of all of the parameters of the RACcheck daemon, run the following command:
$ raccheck -get all
The preceding command returns output similar to the following:
AUTORUN_INTERVAL = 1d AUTORUN_FLAGS = -o verbose NOTIFICATION_EMAIL = email@example.com PASSWORD_CHECK_INTERVAL = 1
You can set or modify RACcheck parameters after the RACcheck daemon has started.
Note:Oracle recommends that, at a minimum, you configure the
To start the RACcheck daemon, run the following command:
$ raccheck –d start
RACcheck launches an interactive graphical user interface to collect the required information and start the daemon process.
You can run RACcheck on demand while the RACcheck daemon is running by entering
raccheck on the command line without any arguments as the user that started the daemon process from the same directory from which you launched the RACcheck daemon. Running RACcheck this way is non-interactive, because the daemon passes parameters at all the prompts, and produces output on the screen similar to that which RACcheck produces when running interactively.
Note:If the RACcheck daemon is running and want to run RACcheck interactively, then run the following command:
$ raccheck -nodaemon
If you start the RACcheck daemon, then no other user can use the RACcheck daemon to run RACcheck in non-interactive mode. To use the RACcheck daemon, you must be the same user you must run RACcheck on demand from the same directory where you started daemon.
Once you start the RACcheck daemon, it continues to run in the background until either you explicitly stop the daemon (using the
raccheck –d stop command) or one of the following conditions is met:
The server on which the daemon is running is rebooted or stops.
If a password is changed on any node, then the daemon stops and an entry is placed in
raccheck_daemon.log. Additionally, RACcheck sends an email to address entered in the
NOTIFICATION_EMAIL configuration parameter. Configure the
PASSWORD_CHECK_INTERVAL configuration parameter to ensure validity of the required passwords.
If the RACcheck script has changed or has been replaced with a new script since you started daemon, then any further attempts to run RACcheck on demand, as well as auto run will not succeed. You will have to restart daemon with new script for future run.
If the system configuration has changed (such as nodes or instances being added or deleted), then you must restart the RACcheck daemon for the configuration changes to be recognized.
You can use RACcheck to compare results from two RACcheck reports. You can use the results of comparisons to monitor trends and best practice changes over time or after planned maintenance presented in a user-friendly HTML report. Ensure that the RACcheck reports in the RACcheck output directories,
.zip output files, or HTML reports are accessible.
To compare two RACcheck reports, run the following command:
$ raccheck -diff report_1 report_2
Specify the names of the two report files you want to compare. When RACcheck finishes comparing the two files, the utility prints a summary and provides a location of the comparison report for viewing.
You can use RACcheck to obtain an automated upgrade readiness assessment to help facilitate upgrade planning for Oracle RAC and Oracle Clusterware. Use RACcheck to automate many of the manual pre- and post-upgrade checks detailed in the following upgrade-related documents:
Oracle Database Upgrade Guide
Oracle Grid Infrastructure Installation Guide for your platform
The following My Oracle Support notes:
You can run RACcheck before and after upgrading your software. Run the pre-upgrade check during the planning phase of the upgrade process to ensure that enough time is available to resolve any potential issues prior to the actual upgrade process. Run the post-upgrade check to ensure the health of Oracle Grid Infrastructure and Oracle Database. Following is a summary of what you can expect from RACcheck upgrade checks:
When performing pre-upgrade checks, RACcheck detects all databases registered with Oracle Clusterware and produces a list of databases on which it will perform pre-upgrade checks. If any databases of the most current version are detected, then RACcheck skips them and will not perform any checks.
When performing post-upgrade checks, RACcheck detects all databases registered with Oracle Clusterware and produces a list of databases on which it will perform post-upgrade checks. If RACcheck detects any databases versions preceding Oracle Database 11g release 2 (220.127.116.11), then RACcheck skips them and will not perform any checks.
When performing either pre- or post-upgrade checks, RACcheck checks both Oracle Clusterware and the operating system.
When RACcheck finishes its checks, the tool produces a report in HTML format that contains the findings and links to additional details and information.
Use the following syntax to run RACcheck upgrade checks:
$ raccheck -u -o pre | post
When you run RACcheck, the tool creates a subdirectory using a naming convention that begins with "raccheck" and includes a date and time (such as,
raccheck_SIEBXL_072613_141001), and a zip file that contains the contents of the subdirectory (such as,
raccheck_SIEBXL_072611_141001.zip) at the same level on the file system as RACcheck, itself. The total size of the subdirectory and zip file should be less than 5 MB on the file system. The exact varies depending upon how many nodes and how many databases there are in the system. While Oracle recommends that you run RACcheck when there is the least load on the system, over time, the number of files will build up and you must maintain and clean out older files, subdirectories, or both.
Oracle designed RACcheck to support multiple databases. The tool presents a list of running databases, which are registered in the Oracle Grid Infrastructure. You can choose one, all, or enter a comma-delimited list of numbers that designate the listed databases. You do not have to install the tool on multiple nodes to check database instances running on other nodes in the cluster.
RACcheck logs into all databases by using local bequeath connections and assumes the existence of operating system authentication in the database for the user running the tool. In some configurations, there could be multiple database homes all owned by the same operating system user (such as
oracle), while in other configurations, there could be any number of database homes all owned by different operating system users.
In the former case, run RACcheck as
oracle. In the latter case, you may want to deploy RACcheck on the home with the greatest number of databases to obtain the most information possible, in which case install RACcheck as the owner of that home. To scan the other databases, RACcheck must be installed and run under each database home user account.
Oracle supports uploading the results of audit checks done by RACcheck or the list of installed patches into database tables for use as a source of data for reporting.
To take advantage of this optional feature, you must set a number of environment variables in the runtime environment, and you must create two tables to receive the data: one for the audit check results and another for the patches installed on the systems.
To create a results table called
auditcheck_result, run the following DDL command:
create table auditcheck_result ( COLLECTION_DATE TIMESTAMP, CHECK_NAME VARCHAR2(256), PARAM_NAME VARCHAR2(256), STATUS VARCHAR2(256), STATUS_MESSAGE VARCHAR2(256), ACTUAL_VALUE VARCHAR2(256), RECOMMENDED_VALUE VARCHAR2(256), COMPARISON_OPERATOR VARCHAR2(256), HOSTNAME VARCHAR2(256), INSTANCE_NAME VARCHAR2(256), CHECK_TYPE VARCHAR2(256), DB_PLATFORM VARCHAR2(256), OS_DISTRO VARCHAR2(256), OS_KERNEL VARCHAR2(256), OS_VERSION NUMBER, DB_VERSION VARCHAR2(256), CLUSTER_NAME VARCHAR2(256), DB_NAME VARCHAR2(256), ERROR_TEXT VARCHAR2(256) CHECK_ID VARCHAR2(40), NEEDS_RUNNING VARCHAR2(100), MODULES VARCHAR2(4000), DATABASE_ROLE VARCHAR2(100), CLUSTERWARE_VERSION VARCHAR2(100), GLOBAL_NAME VARCHAR2(256) );
To create a table for patches called
auditcheck_patch_result, run the following DDL command:
create table auditcheck_patch_result ( COLLECTION_DATE TIMESTAMP(6), HOSTNAME VARCHAR2(256), ORACLE_HOME_TYPE VARCHAR2(256), ORACLE_HOME_PATH VARCHAR2(256), ORACLE_HOME_VERSION VARCHAR2(256), PATCH_NUMBER NUMBER, CLUSTER_NAME VARCHAR2(256), DESCRIPTION VARCHAR2(256), PATCH_TYPE VARCHAR2(128), APPLIED NUMBER, RECOMMENDED NUMBER );
Set the following environment variables (shown with example values):
$ export RAT_UPLOAD_CONNECT_STRING="(DESCRIPTION = (ADDRESS = (PROTOCOL = TCP) (HOST = bonanza)(PORT = 1521)) (LOAD_BALANCE = yes) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl)))" $ export RAT_UPLOAD_TABLE=auditcheck_result (name must match that of the table created for the purpose) $ export RAT_PATCH_UPLOAD_TABLE=auditcheck_patch_result (name must match the name of the table created for the purpose) $ export RAT_UPLOAD_USER=auditcheck (schema owner of the table created for the purpose) $ export RAT_UPLOAD_PASSWORD=auditcheck (password for the schema owner) $ export RAT_UPLOAD_ORACLE_HOME=path_of_database_home (optional, alternate home containing sqlplus that you want to use for connecting in case it is not the current $ORACLE_HOME as derived by RACcheck from the environment)
Note:Use the fully-qualified address (as shown in the preceding example) for the connect string rather than an alias from the
tnsnames.orafile, so that it is not necessary to rely on
tnsnames.orafile name resolution on all the servers where RACcheck might run. You must use double quotation marks (
When you set the first four environment variables (shown in the preceding example) in the runtime environment, RACcheck assumes that the intent is to upload the data into the tables at the end of the process, and it attempts to upload the data. This process requires that you properly set the environment, that is, that the connect string is reachable, the user name and password are correct, and the table name is correct. If RACcheck cannot connect to the database, then a message to that effect will be written to the log. If the
RAT_UPLOAD_ORACLE_HOME variable is set, then RACcheck invokes SQL*Plus from that home rather than attempting to invoke SQL*Plus from the current Oracle home derived by RACcheck. If you do not set any of the first four environment variables, then RACcheck will not attempt to upload the data.
Optionally, you can exclude one or more audit checks after the first run of RACcheck, as follows:
Create a text file named
excluded_check_ids.txt in the same directory as the RACcheck script and driver files.
raccheck.log file, which is located in the output directory of the previous run of the tool.
Search for the audit checks that you want to exclude in subsequent runs.
CHECK_ID of the audit checks you want to exclude. The
CHECK ID is an alphanumeric string similar to
CHECK_ID = 65E4DC8B76BC4DA6E040E50A1EC03704. If the audit check block does not contain a
CHECK_ID line, then you cannot exclude that audit check.
CHECK_IDs for the audit checks that you want to exclude in the
excluded_check_ids.txt file, one
CHECK_ID per line.
Subsequently, when you run RACcheck, before the tool runs an audit check, it checks the
excluded_check_ids.txt file for any excluded checks and skips them.
If any non-
root-privileged individual commands timeout before they finish running, then RACcheck stops that process and does not collect the desired data. If this happens, then you can lengthen the timeout by setting the following environment variable in the script execution environment:
$ export RAT_TIMEOUT=120
The default value for this environment variable is 90 seconds.
RACcheck runs a set of
root-privileged data collections, once for each node in the cluster. If collections timeout before the data can be collected, then RACcheck stops that process and does not collect the desired data. If this happens, then you can lengthen the timeout by setting the following environment variable in the script execution environment:
$ export RAT_ROOT_TIMEOUT=600
The default value for this environment variable is 300 seconds.
Note:If you encounter either of these timeouts, then Oracle recommends that you determine the cause of the delay and correct it, and that you run RACcheck during times of least load on the system.
You can ignore the following errors that do appear in the
/bin/sh: /u01/app/11.2.0/grid/OPatch/opatch: Permission denied
chmod: changing permissions of '/u01/app/oracle_ebs/product/18.104.22.168/VIS_RAC/.patch_storage': Operation not permitted
OPatch could not open log file, logging will not be possible
Inventory load failed... OPatch cannot load inventory for the given Oracle Home.
The preceding errors occur in role-separated environments when RACcheck, which is run as the database software owner, attempts to list the patch inventories of homes owned by other users (
grid, for example, or other database home owners) using OPatch. When you run OPatch to list the patch inventories for those other users it causes errors because the current user does not have permissions on the other homes. In these cases the OPatch errors are ignored and the patch inventories for those homes are gathered by other means.
Additionally, you can ignore errors similar to the following:
./raccheck: line [N]: [: : integer expression expected
The line number may change over time but this error occurs when RACcheck expects an integer return value but no value was found. RACcheck returns that error when trying to make the comparison. You could see this error repeated many times for the same command, once for each node.
root login is not permitted over SSH, then the
root-privileged commands will fail. To verify the Oracle software owner (
oracle), run the following command manually from whichever node is not working and ensure you get similar output, as follows:
$ ssh root@remotehostname "id" root@remotehostname's password: uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
root login is not working, then RACcheck cannot check the remote nodes. Contact a system administrator to correct this, if only temporarily, for running RACcheck.
If you can configure the remote
root login, then edit the
/etc/ssh/sshd_config file, as follows:
PermitRootLogin to yes
Run the following command as
root on all nodes of the cluster:
# /etc/init.d/sshd restart
RACcheck attempts to derive all the data it requires from the environment (operating system and Oracle Cluster Registry) but the tool may not work as expected because of local system differences, and it is difficult to anticipate and test every possible scenario. Therefore, support for a number of environment variables has been included so that you can override the default behavior of the tool or provide the required information. Following is a list of environment variables and descriptions for each:
RAT_INV_LOC: If the
oraInst.loc file is not located where expected (
/u01/app/oraInventory), then you can specify the correct location of the
oraInventory directory in this environment variable.
RAT_CRS_HOME: You can set this environment variable if RACcheck cannot determine the correct
Grid_home path, and displays information stating that the software is not installed, even though you know that Oracle Clusterware is installed.
RAT_ORACLE_HOME: You can set this environment variable if RACcheck cannot determine the correct
ORACLE_HOME paths for the databases registered with Oracle Clusterware, and displays information stating that the software is not installed, even though you know that the database software is installed. RACcheck performs best practice and recommended patch checks for all the databases running from the home specified in this environment variable.
RAT_ASM_HOME: You can set this environment variable if RACcheck cannot determine the correct Oracle ASM home path (which is the same as the
Grid_home path) from Oracle Clusterware, and displays information stating that the software is not installed, even though you know that the Oracle ASM software is installed.
RAT_OS: You can set this environment variable if RACcheck fails to determine the correct platform, and the tool informs you that the data necessary for the determined platform could not be found.
RAT_DB: You can set this environment variable if RACcheck determines an incorrect database version.
RAT_DBNAMES: You can set this environment variable if RACcheck fails to determine valid database names from Oracle Clusterware. You can specify a space-delimited list of database names, and RACcheck will use that list instead of what it derives from Oracle Clusterware. For example:
$ export RAT_DBNAMES="ORCL ORADB PROD"
Use double quotation marks (
"") if specifying more than one database name.
Note:If you configure
RAT_DBNAMESas a subset of databases registered with Oracle Clusterware, and you want the patch inventories of all databases found registered with Oracle Clusterware to have their patch inventories checked for recommended patches, then Oracle recommends that you also configure
RAT_DBHOMES: If you set the
RAT_DBNAMES environment variable, then, by default, the recommended patch analysis will be limited to the homes for the database names you listed. If you want to perform the recommended patch analysis for additional database homes than those specified in
RAT_DBNAMES, then specify a space-delimited list of databases whose homes you want checked for recommended patches. For example, assume that you run the
export RAT_DBNAMES="ORCL ORADB" command but that you also want to check the
PROD database home, even if the
PROD database is down. Run the
export RAT_DBHOMES="ORCL ORADB PROD" command so that best practices will be checked for the
ORADB databases but the recommended patches will be checked for the
PROD database homes. Use double quotation marks (
"") if specifying more than one database name.
RAT_SSHELL: Set this environment variable to specify a secure shell location that overrides the default location (typically,
/usr/bin/ssh), in case
ssh is not where it is expected, and
ssh commands return the following error:
-bash: /usr/bin/ssh -q: No such file or directory
RAT_SCOPY: Set this environment variable to specify a secure copy location that overrides the default secure copy location (typically,
/usr/bin/scp), in case
scp is not where it is expected, and
scp commands return the following error:
/usr/bin/scp -q: No such file or directory
If you intend to run RACcheck as a user other than the database software installation owner (such as
grid), and if you experience problems connecting to the database, then do the following:
Log in to the system as
Run the following commands:
$ export ORACLE_HOME=path_to_Oracle_Database_home $ export ORACLE_SID=database_SID $ export PATH=$ORACLE_HOME/bin:$ORACLE_HOME/lib:$PATH
Add an alias in the
$ORACLE_HOME/network/admin/tnsnames.ora file for the
Connect to the database as follows, including the password:
$ORACLE_HOME/bin/sqlplus sys@SID as sysdba
Ensure that you have successful connection.
If this method of connecting to the database fails, then RACcheck will be unable to connect, as well. Consider running the tool as the Oracle database software installation owner.
The presence of prompts or traps in the user profile can lead to RACcheck hanging while it is running, because it sources the profile at runtime. For this reason, RACcheck checks the profile in the environment for these statements and presents a message advising you to temporarily comment out those statements on all nodes.
Footnote LegendFootnote 1: Oracle does not plan to support Linux Itanium