Alert: Oracle RAC Instance Use Public Network As Private Interconnect Network On Kylin Linux v10
最近有个客户安装oracle RAC 在XC 环境, 11.2.0.4 RAC DB with Grid Infrastructure 19c,操作系统使用Kylin Linux V10, 在检查DB 实例使用的interconnect network时发现使用的public network,而非规划的private network, 但时检查 ASM Instance是正常, 使用oifcfg检查也正常,在db alert log中提示“failed to init gpnp”, 错误日志”NZ error code : 29106″, 提示简单记录一下这个风险。
DB Instance Alert log
Starting ORACLE instance (normal) .... [USER(xxx)]CRS-2317:Fatal error: cannot get local GPnP security keys (wallet). .... [USER(xxx)]CRS-2316:Fatal error: cannot initialize GPnP, CLSGPNP_ERR (Generic GPnP error). kggpnpInit: failed to init gpnp WARNING: No cluster interconnect has been specified. Depending on the communication driver configured Oracle cluster traffic may be directed to the public interface of this machine. Oracle recommends that RAC clustered databases be configured with a private interconnect for enhanced security and performance. ..... Cluster communication is configured to use the following interface(s) for this instance xxx.xxx.xxx.xxx --- public network IP
grep -i “gpnp%error” *.trc 日志,查找xxx_ora_xxx.trc
*** 2024-12-07 19:23:02.148
2024-12-07 19:23:02.148: [ default]failed to initialize skgp context
2024-12-07 19:23:02.148: [ default]slos op : sslssreghdlr
2024-12-07 19:23:02.148: [ default]slos dep : Error 0 (0)
2024-12-07 19:23:02.148: [ default]slos loc : sskgpinit1
2024-12-07 19:23:02.148: [ default]slos info:
[ CLWAL]clsw_Initialize: OLR initlevel [30000]
2024-12-07 19:23:02.149: [ default]a_init: Unable to get log name. Retval:[-4]
2024-12-07 19:23:02.154: [ GPNP]nzSWB_SetWalletArray: NZ security api nzSWB_SetWalletArray failed
2024-12-07 19:23:02.154: [ GPNP]nzSWB_SetWalletArray: NZ error code : 29106
2024-12-07 19:23:02.154: [ GPNP]nzSWB_SetWalletArray: NZ error message : Cannot import PKCS #12 wallet.
2024-12-07 19:23:02.154: [ GPNP]clsgpnpwu_walletfopen: [at clsgpnpwu.c:482] Result: (65) CLSGPNP_WALLET_ERR. Cannot create wallet (2571 bytes) from file: '/u01/app/19.0.0/grid/gpnp/node1/wallets/prdr/cwallet.sso'
2024-12-07 19:23:02.154: [ GPNP]clsgpnpwu_walletfopen: [at clsgpnpwu.c:500] Result: (65) CLSGPNP_WALLET_ERR. Cannot open wallet: '/u01/app/19.0.0/grid/gpnp/node1/wallets/prdr/cwallet.sso'
2024-12-07 19:23:02.156: [ GPNP]clsgpnp_getCK: [at clsgpnp0.c:2107] Fatal error: failed to get local gpnp security keys (wallet). Gpnp profiles cannot be verified. ***LOCAL GPNP SETUP INVALID***.>
2024-12-07 19:23:02.156: [ default]Fatal error: cannot get local GPnP security keys (wallet).
2024-12-07 19:23:02.156: [ GPNP]clsgpnp_InitIdSetCtxCK: [at clsgpnp0.c:4391] Result: (66) CLSGPNP_WALLET_NONE. Cannot get stored certkey for id=1
2024-12-07 19:23:02.156: [ GPNP]clsgpnp_Init: [at clsgpnp0.c:925] Result: (66) CLSGPNP_WALLET_NONE. Error getting certkeys.
2024-12-07 19:23:02.156: [ GPNP]clsgpnp_Init init failed. Error: CLSGPNP_ERR (1) .
2024-12-07 19:23:02.156: [ default]Fatal error: cannot initialize GPnP, CLSGPNP_ERR (Generic GPnP error).
kggpnpInit: failed to init gpnp
检查gpnp服务
$GRID_HOME/bin/crsctl stat res ora.gpnpd -t -init $GRID_HOME/bin//gpnptool get $GRID_HOME/bin/oifcfg getif $GRID_HOME/bin/gpnptool lfind Success. Local gpnpd found.
检查Interconnect network View
SQL> select INST_ID, IP_ADDRESS from GV$CLUSTER_INTERCONNECTS;
SQL> @st GV$CLUSTER_INTERCONNECTS;
INST_ID NAME IP_ADDRESS IS_ SOURCE CON_ID
---------- --------------- ---------------------------------------------- --- ------------------------------- ----------
1 ens256:1 169.254.23.254 NO 0
2 ens256:1 169.254.26.150 NO 0
相关案例
MOS无完全匹配的案例,之前我写过一篇blog 《Troubleshooting DB instance start fail ‘kggpnpInit: failed to init gpnp’ after apply DB PSU 11g,12c,18c,19c》。
CRS-2317:Fatal error: cannot get local GPnP security keys (wallet) messages reported in instance alert log (Doc ID 2292523.1)
NZ error code : 29164
Bug 16844086 – 11g Database cannot be started with a 12c Clusterware (Doc ID 16844086.8)
NZ error code :29106
11.2.0.4 RAC Instance Uses Public Network As Private Interconnect Network On RHEL8 (Doc ID 3037519.1)
NZ error code :29106
However, OCWRU for same patch level with GI can not be applied on DB_HOME since the version of GI is 19c.
Also, applying 11.2.0.4 OCWPSU that is same patch level with DB_HOME on DB_HOME does not solve the symptom.
错误代码
$ oerr ora 29106 29106, 00000, "Cannot import PKCS #12 wallet." // *Cause: A required parameter is NULL or the BER-encoding is malformed. // *Action: Enable tracing and attempt the connection again. Contact // Oracle customer support with the trace output. $ oerr ora 29164 29164, 00000, "External PKCS #12 wallet is not supported in FIPS mode." // *Cause: PKCS #12 wallets created using third party software cannot be // used in FIPS mode. // *Action: Use only PKCS #12 wallets created by Oracle Wallet Manager when running in // FIPS mode.
解决方案
该现象出现在11g DB 在 19c/12 GI, 操作系统可能是RHEL 8或Kylin V10 , 麒麟V10的内核基于OpenEuler,而OpenEuler又是基于Linux内核的。具体来说,麒麟V10的内核版本接近于CentOS 8的内核版本(如4.18或4.19),这意味着在系统底层架构上,两者有一定的兼容性, 接近于Doc ID 3037519.1。
如果你没有使用 Clusterware 就可以忽略这alert log中的错误日志message ‘No cluster interconnec ‘. 如果使用了 RAC or Clusterware 你需要检查当前使用的是还错误的使用了public network。目前未明确的bug, 当前解决可以配置 database init parameter cluster interconnects :
alter system set cluster_interconnects='YOUR_PRIVIp_ForNode1:YOUR_PRIVIp_ForNode2' scope=spfile sid='your_sid';
Restart db and check your database.
— 比较隐蔽,注意检查
微信扫一扫,打赏作者吧~
目前这篇文章还没有评论(Rss)