Oracle ORAchk or Oracle EXAchk is Now Run on Remote Compute Nodes Using the Oracle Trace File Analyzer Socket

Starting in AHF 20.1.1, if the Oracle Trace File Analyzer socket is available, then by default, Oracle ORAchk and Oracle EXAchk use the socket to connect to the remote compute nodes, that is, Oracle Database servers.

Oracle Trace File Analyzer copies the compliance check results from the remote nodes and then merges the results on the local node.

If the socket is not available, then Oracle ORAchk and Oracle Exachk resort to the SSH mechanism. opc user always use SSH mechanism to connect to the remote compute nodes.

This change means that it is no longer required to configure passwordless SSH user equivalency for root or non-root user to run checks on remote database nodes. User equivalency is still required for a cluster install. Oracle Trace File Analyzer must be running on all the nodes and certificates should be in the Oracle Trace File Analyzer data directory on all nodes ahf_loc/data/host_name/tfa/server.jks. However, you can skip this by doing multiple standalone installs and running tfactl syncnodes. Oracle ORAchk and Oracle EXAchk still use SSH to connect to the storage servers and infiniband switches.

A non-root user can use the socket only if it has access to tfactl, which you can verify by running the tfactl access lsusers command. If the user is not found, then run tfactl access add –user user to add user to the Oracle Trace File Analyzer access list.

If you run Oracle ORAchk or Oracle EXAchk as root, then the tools prompt to store password for cells and switches temporary or permanent in the wallet, but still use SSH to connect to the storage servers and infiniband switches.