Oracle12c RAC创建密码文件

Oracle12c RAC修改sys密码

Oracle allows storing the password file in an ASM disk group, enhancing security, high availability, and centralized management for both RAC and non-RAC environments.

This post covers two methods to create a password file in ASM:

1. Using ORAPWD (Command-Line Method)
2. Using ASMCMD PWCREATE (Recommended for Oracle 12c and Above)

一、查看密码文件位置

[oracle@server01 ~]$ srvctl config database -d orcl
Database unique name: orcl
Database name: orcl
Oracle home: /u01/app/oracle/product/12.1.0/db_1
Oracle user: oracle
Spfile: +DATA/orcl/spfileorcl.ora
Password file: +DATA/ORCL/PASSWORD/pwdorcl.256.1183827525
Domain: 
Start options: open
Stop options: immediate
Database role: PRIMARY
Management policy: AUTOMATIC
Server pools: 
Disk Groups: FRA,DATA
Mount point paths: 
Services: 
Type: RAC
Start concurrency: 
Stop concurrency: 
OSDBA group: dba
OSOPER group: oper
Database instances: orcl1,orcl2
Configured nodes: server01,server02
Database is administrator managed

二、查看远程登录验证

SQL> show parameter password

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
remote_login_passwordfile            string      EXCLUSIVE


SQL> select * from v$pwfile_users;

USERNAME                       SYSDB SYSOP SYSAS SYSBA SYSDG SYSKM     CON_ID
------------------------------ ----- ----- ----- ----- ----- ----- ----------
SYS                            TRUE  TRUE  FALSE FALSE FALSE FALSE          0
SYSDG                          FALSE FALSE FALSE FALSE TRUE  FALSE          0
SYSBACKUP                      FALSE FALSE FALSE TRUE  FALSE FALSE          0
SYSKM                          FALSE FALSE FALSE FALSE FALSE TRUE           0

三、备份密码文件

ASMCMD> pwd
+data/orcl/password
ASMCMD> pwcopy +data/orcl/password/pwdorcl.256.1183827525 '/tmp'
copying +data/orcl/password/pwdorcl.256.1183827525 -> /tmp/pwdorcl.256.1183827525

OR

cp +data/orcl/password/pwdorcl.256.1183827525 '/tmp'

[grid@server01 ~]$ ls -l /tmp/pwdorcl.256.1183827525 
-rw-r----- 1 grid oinstall 7680 Feb 11 10:53 /tmp/pwdorcl.256.1183827525

四、清空存储在asm的密码文件

Modify the password parameter from the OCR.

[oracle@server01 ~]$ srvctl modify database -d orcl -pwfile

五、验证密码文件

[oracle@server01 ~]$ srvctl config database -d orcl
Database unique name: orcl
Database name: orcl
Oracle home: /u01/app/oracle/product/12.1.0/db_1
Oracle user: oracle
Spfile: +DATA/orcl/spfileorcl.ora
Password file: 
Domain: 
Start options: open
Stop options: immediate
Database role: PRIMARY
Management policy: AUTOMATIC
Server pools: 
Disk Groups: FRA,DATA
Mount point paths: 
Services: 
Type: RAC
Start concurrency: 
Stop concurrency: 
OSDBA group: dba
OSOPER group: oper
Database instances: orcl1,orcl2
Configured nodes: server01,server02
Database is administrator managed


或者使用pwget命令查看密码文件位置:
pwget --dbuniquename orcl

或使用SQL查询 ：
SELECT name FROM v$asm_alias WHERE group_number IN 
      (SELECT group_number FROM v$asm_diskgroup WHERE name = 'DATA') 
      AND name LIKE 'pwd%';

六、修改sys密码

1.语法

Options in 11g:
$ orapwd
Usage: orapwd file= entries= force= ignorecase= nosysdba=

where
file - name of password file (required),
password - password for SYS will be prompted if not specified at command line,
entries - maximum number of distinct DBA (optional),
force - whether to overwrite existing file (optional),
ignorecase - passwords are case-insensitive (optional),
nosysdba - whether to shut out the SYSDBA logon (optional Database Vault only).

There must be no spaces around the equal-to (=) character.

Options in 12c:
$ orapwd
Usage: orapwd file= entries= force= asm=
dbuniquename= format= sysbackup= sysdg=
syskm= delete= input_file=

Usage: orapwd describe file=

where
file - name of password file (required),
password - password for SYS will be prompted if not specified at command line. Ignored, if input_file is specified,
entries - maximum number of distinct DBA (optional),
force - whether to overwrite existing file (optional),
asm - indicates that the password to be stored in Automatic Storage Management (ASM) disk group is an ASM password. (optional).
dbuniquename - unique database name used to identify database password files residing in ASM diskgroup only. Ignored when asm option is specified (optional),
format - use format=12 for new 12c features like SYSBACKUP, SYSDG and SYSKM support, longer identifiers, etc. If not specified, format=12 is default (optional),
delete - drops a password file. Must specify 'asm', 'dbuniquename' or 'file'. If 'file' is specified, the file must be located on an ASM diskgroup (optional),
sysbackup - create SYSBACKUP entry (optional and requires the 12 format). Ignored, if input_file is specified,
sysdg - create SYSDG entry (optional and requires the 12 format), Ignored, if input_file is specified,
syskm - create SYSKM entry (optional and requires the 12 format), Ignored, if input_file is specified,
input_file - name of input password file, from where old user entries will be migrated (optional),
describe - describes the properties of specified password file (required).

There must be no spaces around the equal-to (=) character.

2.修改密码

• Oracle12c 12.1.0.2使用pwcreate修改

Add the new password file now.

使用pwcreate创建密码文件
ASMCMD> pwcreate --dbuniquename {db_unique_name} {file_path}  {sys_password}
 
ASMCMD> pwcreate --dbuniquename orcl +DATA 123456
 
ASMCMD> pwd
+data/orcl/password
ASMCMD> ls -l
Type      Redund  Striped  Time             Sys  Name
PASSWORD  HIGH    COARSE   FEB 11 14:00:00  Y    pwdorcl.269.1224943215

• Oracle12c 12.2.0.1使用orapwd修改

[oracle@rac1 ~]$ orapwd file='+DATA' dbuniquename='TPCDB1' entries=10 force=y

Enter password for SYS: 

ASMCMD> ls -l
Type      Redund  Striped  Time             Sys  Name
PASSWORD  UNPROT  COARSE   AUG 04     2023  Y    pwdtpcdb1.286.1143989031
PASSWORD  UNPROT  COARSE   MAY 17     2023  Y    pwdtpcdb1.289.1137095745
PASSWORD  UNPROT  COARSE   MAY 17     2023  Y    pwdtpcdb1.376.1137109663
PASSWORD  UNPROT  COARSE   FEB 11 14:00:00  Y    pwdtpcdb1.462.1224945303
PASSWORD  UNPROT  COARSE   AUG 04     2023  N    pwdtpcdb1.pwd => +DATA/TPCDB1/PASSWORD/pwdtpcdb1.286.1143989031


[oracle@rac1 ~]$ srvctl config database -d TPCDB1
Database unique name: tpcdb1
Database name: 
Oracle home: /app/oracle/product/12.2/db_1
Oracle user: oracle
Spfile: +DATA/tpcdb1/spfiletpcdb1.ora
Password file: +DATA/TPCDB1/PASSWORD/pwdtpcdb1.462.1224945303
Domain: 
Start options: open
Stop options: immediate
Database role: PRIMARY
Management policy: AUTOMATIC
Server pools: 
Disk Groups: DATA,FRA
Mount point paths: 
Services: 
Type: RAC
Start concurrency: 
Stop concurrency: 
OSDBA group: dba
OSOPER group: oper
Database instances: tpdb1,tpdb2
Configured nodes: rac1,rac2
CSS critical: no
CPU count: 0
Memory target: 0
Maximum memory: 0
Default network number for database services: 
Database is administrator managed



为ASM实例创建密码文件:
orapwd file='+DATA/ASM/orapwasm' force=y
为数据库实例创建密码文件(应使用 dbuniquename, 不要加asm=y):
orapwd file=’+DATA’ dbuniquename=’orcl’ entries=10 force=y
orapwd file='+DATA/orcl/orapworcl' dbuniquename=orcl force=y format=12


如果Oracle12c DG备库使用ASM，则使用以下命令修改sys密码:
orapwd input_file='/path/name' file='+asm/path/name' format=12 dbuniquename='DB_NAME'

如果需要修改密码文件位置，则使用以下命令:
srvctl modify database -db DN_NAME -pwfile '+asm/path/name'

七、添加新密码文件到数据库

Oracle12c 12.1.0.2需要手工将密码文件添加至数据库，Oracle12c 12.2版本则不需要此步骤

[oracle@server01 ~]$ srvctl config database -d orcl
Database unique name: orcl
Database name: orcl
Oracle home: /u01/app/oracle/product/12.1.0/db_1
Oracle user: oracle
Spfile: +DATA/orcl/spfileorcl.ora
Password file: 
Domain: 
Start options: open
Stop options: immediate
Database role: PRIMARY
Management policy: AUTOMATIC
Server pools: 
Disk Groups: FRA,DATA
Mount point paths: 
Services: 
Type: RAC
Start concurrency: 
Stop concurrency: 
OSDBA group: dba
OSOPER group: oper
Database instances: orcl1,orcl2
Configured nodes: server01,server02
Database is administrator managed

[oracle@server01 ~]$ srvctl modify database -d orcl -pwfile +data/orcl/password/pwdorcl.269.1224943215

[oracle@server01 ~]$ srvctl config database -d orcl
Database unique name: orcl
Database name: orcl
Oracle home: /u01/app/oracle/product/12.1.0/db_1
Oracle user: oracle
Spfile: +DATA/orcl/spfileorcl.ora
Password file: +data/orcl/password/pwdorcl.269.1224943215
Domain: 
Start options: open
Stop options: immediate
Database role: PRIMARY
Management policy: AUTOMATIC
Server pools: 
Disk Groups: FRA,DATA
Mount point paths: 
Services: 
Type: RAC
Start concurrency: 
Stop concurrency: 
OSDBA group: dba
OSOPER group: oper
Database instances: orcl1,orcl2
Configured nodes: server01,server02
Database is administrator managed

八、密码登录验证

[oracle@server01 ~]$ sqlplus sys@orcl as sysdba