Troubleshooting DB instance start fail ‘kggpnpInit: failed to init gpnp’ after apply DB PSU 11g,12c,18c,19c
ORACLE RAC环境记的之前GI和DB的version 前4位相同是可以兼容的,甚至有时DB PSU比GI PSU新,最近有朋友遇到只安装了DB PSU后,RAC中实例启动失败的问题,这里记录一下原因。
1, Check db alert log
[USER(3037)]CRS-2316:Fatal error: cannot initialize GPnP, CLSGPNP_ERR (Generic GPnP error).
kggpnpInit: failed to init gpnp
WARNING: No cluster interconnect has been specified. Depending on
the communication driver configured Oracle cluster traffic
may be directed to the public interface of this machine.
Oracle recommends that RAC clustered databases be configured
with a private interconnect for enhanced security and
performance.
2, Check interconnect network
Public interface used as interconnect interface as seen in gv$cluster_interconnects
Cause
For a database instance running in a RAC cluster, both DB PSU component and OCW PSU component of the GI PSU must be applied.
In this case, only the DB PSU component was applied to the DB home without applying the OCW PSU component of the GI PSU.
Verify using “opatch lsniventory” command on the database home.
From October 2018 PSU of Oracle RAC you must apply OCW component of the GI patch as well to the Oracle Home.
OCW Patch is available as part of GI PSU Bundle, you cannot download it individually (in general),But you can apply it individually to DB Home. This can be really an issue if you have done newer versions of Oracle install on higher version of Cluster.
Solution – Apply OCW Patch
Step 2 – Create the ocm file
$ cd $ORACLE_HOME/ccr/bin $ ./emocmrsp (respond [enter] and then 'Y'> $ cp ocm.rsp /home/oracle/
Step 3 – Patch Apply as db user
$<UNZIPPED_PATCH_LOCATION>/<patch>/custom/server/<patch>/custom/scripts/prepatch.sh -dbhome <ORACLE_HOME> $<ORACLE_HOME>/OPatch/opatch napply -oh <ORACLE_HOME> -local <UNZIPPED_PATCH_LOCATION>/<patch>/custom/server/<patch> $<UNZIPPED_PATCH_LOCATION>/<patch>/custom/server/<patch>/custom/scripts/postpatch.sh -dbhome <ORACLE_HOME>
有些其他情况,如安装19C GI和11G db时,alert log中有提示,但不影响启动,gpnptool get正常,gpnpd服务启动正常,应该是可以忽略。
如果有问题时可以测试 gpnptool get.
像Mos 2292523.1中提到,如果日志前有CRS-2317:Fatal error: cannot get local GPnP security keys (wallet)报错在前,这种情况后跟CRS-2316那主要原因是CRS-2317, 进程trace中可能有如下信息
2017-06-06 12:57:13.403: [ GPNP]nzSWB_SetWalletArray: NZ error code : 29164=====================> 2017-06-06 12:57:13.403: [ GPNP]nzSWB_SetWalletArray: NZ error message : External PKCS #12 wallet is not supported in FIPS mode.
FIPS正在阻止数据库打开GPNP钱包,因此它无法发现HAIP的详细信息,然后数据库被迫使用公共IP。 fips.ora 文件中定义了加密算法,当前又不支持FIPS模式,可以绕过该文件使数据库打开,rename所有节点fips.ora文件。
ls -al $ORACLE_HOME/ldap/admin mv fips.ora fips.ora.old
重启数据库实例,验证是否实例有配置cluster_interconnects 参数,如果没有默认应该是使用haip, 169.254.*.*
SQL> select INST_ID, IP_ADDRESS from GV$CLUSTER_INTERCONNECTS;
LINUX 7需要配置/etc/default/grub,启用FIPS。 验证是否OS启用了FIPS模式:
[root@ol7-vServer ~]# more /proc/sys/crypto/fips_enabled 1
配置参考 How to Enable FIPS Mode on OL7 Guest vServers (Doc ID 2826055.1)
对不起,这篇文章暂时关闭评论。