Starting in AHF 20.1.1, if the Oracle Trace File Analyzer socket is available, then by default, Oracle ORAchk and Oracle EXAchk use the socket to connect to the remote compute nodes, that is, Oracle Database servers.
Oracle Trace File Analyzer copies the compliance check results from the remote nodes and then merges the results on the local node.
If the socket is not available, then Oracle ORAchk and Oracle Exachk resort to the
opc user always use SSH mechanism to connect
to the remote compute nodes.
This change means that it is no longer required to configure passwordless SSH
user equivalency for
root or non-root user to run checks on
remote database nodes. User equivalency is still required for a cluster
install. Oracle Trace File Analyzer must be running on all the nodes and
certificates should be in the Oracle Trace File Analyzer data directory on
However, you can skip this by doing multiple standalone installs and running
tfactl syncnodes. Oracle ORAchk and Oracle EXAchk still use SSH to connect
to the storage servers and infiniband switches.
A non-root user can use the socket only if it has access to tfactl, which you can
verify by running the
tfactl access lsusers command. If the
user is not found, then run
tfactl access add –user
user to add user to the Oracle
Trace File Analyzer access list.
If you run Oracle ORAchk or Oracle EXAchk as
root, then the
tools prompt to store password for cells and switches temporary or permanent
in the wallet, but still use SSH to connect to the storage servers and