在rhel8.x上安装19c rac无法建立节点对等性

郑全

问题已经验证，确实存在，具体解决办法及参考见下面的原文：

INS-06006 GI RunInstaller Fails If OpenSSH Is Upgraded to 8.x (Doc ID 2555697.1)

In this Document

Symptoms

Changes

Cause

Solution

References

APPLIES TO:

Oracle Database - Enterprise Edition - Version 19.3.0.0.0 and later

Information in this document applies to any platform.

SYMPTOMS

When attempting to configure 19c grid infrastructure by running <gridSetup.sh>, the following error occurs in SSH connectivity step:

[INS-06006] Passwordless SSH connectivity not set up between the following node(s): [<racnode2>]

The error can't be ignored so CRS installation fails.

However, SSH setup shows successful and ssh <node> date command works fine for all nodes, CVU user equivalence check also shows passed status.

Run gridSetup.sh in debug mode:

$ gridSetup.sh -debug | tee /tmp/gridsetup.log

In the debug trace "/tmp/gridsetup.log", it reports <protocol error: filename does not match request> when calling <scp> command:

[Worker 0] [ 2019-05-31 14:40:49.921 CST ] [UnixSystem.remoteCopyFile:848]  UnixSystem: /usr/local/bin/scp -p <racnode2>:'/tmp/GridSetupActions2019-05-31_02-39-46PM/CVU_19.0.0.0.0_grid/scratch/getFileInfo12906.out' /tmp/GridSetupActions2019-05-31_02-39-46PM/<racnode2>.getFileInfo12906.out

[Thread-440] [ 2019-05-31 14:40:49.921 CST ] [StreamReader.run:62]  In StreamReader.run

[Worker 0] [ 2019-05-31 14:40:49.921 CST ] [RuntimeExec.runCommand:294]  runCommand: Waiting for the process

[Thread-439] [ 2019-05-31 14:40:49.921 CST ] [StreamReader.run:62]  In StreamReader.run

[Thread-440] [ 2019-05-31 14:40:50.109 CST ] [StreamReader.run:66]  ERROR>protocol error: filename does not match request

[Worker 0] [ 2019-05-31 14:40:50.109 CST ] [RuntimeExec.runCommand:296]  runCommand: process returns 1

[Worker 0] [ 2019-05-31 14:40:50.109 CST ] [RuntimeExec.runCommand:323]  RunTimeExec: error>

[Worker 0] [ 2019-05-31 14:40:50.109 CST ] [RuntimeExec.runCommand:326]  protocol error: filename does not match request

CHANGES

OpenSSH is upgraded to 8.x.

CAUSE

OpenSSH is upgraded to 8.x. Please note OpenSSH's behavior might be different on any other platforms/OS, for example on AIX, OpenSSH 7.5 has this problem, and on SLES Linux 12 SP4, OpenSSH_7.2p2 has this problem.

# ssh -V

OpenSSH_8.0p1, OpenSSL 1.0.2r 26 Feb 2019

The below command might also give the above error on OpenSSH 8.0.

# scp -p <racnode2>:"'/tmp/test.txt'" /tmp/test.txt

protocol error: filename does not match request

And the error can be avoided by adding "-T" option in the command:

# scp -T -p <racnode2>:"'/tmp/test.txt'" /tmp/test.txt

test.txt 100% 2 0.1KB/s 00:00

To mitigate the risk of (CVE-2019-6111), OpenSSH 8.0 adds client-side checking that the filenames sent from the server match the command-line request, if there is a difference between client and server wildcard expansion, the client may refuse files from the server. For this reason, OpenSSH 8.0 provids a new "-T" flag to scp that disables these client-side checks. for details, see https://www.openssh.com/txt/release-8.0

SOLUTION

Workaround : (if your unix admin allows it)

Before installation, as root user: (please change the path if the location of your "scp" is not the same with below)

# Rename the original scp.

mv /usr/bin/scp /usr/bin/scp.orig

# Create a new file </usr/bin/scp>.

vi /usr/bin/scp

# Add the below line to the new created file </usr/bin/scp>.

/usr/bin/scp.orig -T $*

# Change the file permission.

chmod 555 /usr/bin/scp

After installation:

mv /usr/bin/scp.orig /usr/bin/scp

REFERENCES

NOTE:30159782.8 - Bug 30159782 - Remote Copy Fails if using openssh-7.2. 7.4, etc.

NOTE:30189609.8 - Bug 30189609 - CVU FAILS TO DETECT THE PASSWORDLESS SSH AS WELL AS TO SETUP PASSWORDLESS SSH CONNECTIVITY

郑全

根本原因是SSH新版本7.2以上的问题。

郑全

郑全 发表于 2020-12-24 21:53
根本原因是SSH新版本7.2以上的问题。

ug 29529394 - DBCA/NETCA FAIL TO VERIFY SSH CONNECTIVITY [INS-06005] UNABLE TO GET SSH CONNECTIVITY DETAILS (Doc ID 29529394.8)

Bug 29529394  DBCA/NETCA FAIL TO VERIFY SSH CONNECTIVITY [INS-06005] UNABLE TO GET SSH CONNECTIVITY DETAILS

This note gives a brief overview of bug 29529394.

The content was last updated on: 10-APR-2020

Click here for details of each of the sections below.

Affects:

Product (Component)        Oracle Server (OPSM)

Range of versions believed to be affected        Versions BELOW 20.1

Versions confirmed as being affected       

(None Specified)

Platforms affected        Generic (all / most platforms affected)

Fixed:

The fix for 29529394 is first included in       

20.1.0

19.7.0.0.200414 (Apr 2020) OCW Release Update Revision(OCW RU)

Interim patches may be available for earlier versions - click here to check.

Symptoms:

Related To:

(None Specified)

Cluster Ready Services / Parallel Server Management

Description

This bug is only relevant when using Real Application Clusters (RAC)

Issue occurred due to new OS version of OL8/RHEL8

Rediscovery information:

Inventory location is /u01/app/oraInventory

[WARNING] [INS-06005] Unable to get SSH connectivity details.

   CAUSE: An unexpected error occured while getting SSH connectivity details

across the selected nodes.

   ACTION: Refer to the logs for more details or contact Oracle Support

Services.

   SUMMARY:

       - java.lang.NullPointerException

Inventory location is /u01/app/oraInventory

[WARNING] [INS-08109] Unexpected error occurred while validating inputs at

state 'ConfigurationParams'.

   CAUSE: No additional information available.

   ACTION: Contact Oracle Support Services or refer to the software manual.

   SUMMARY:

       - Could not initialize class

oracle.ops.verification.framework.storage.StorageUtil

ERROR (node:testc150): DBCA failed, exit status: 255

ssh key-based login is setup to/from both nodes:

$ ./cluvfy comp nodecon -n testc150,testc151

Verification of node connectivity was successful.

CVU operation performed:      node connectivity

Date:                         Mar 23, 2019 9:44:47 PM

CVU home:                     /u01/app/20c/grid/

User:                         oracle

[oracle@testc150 bin]$ ./cluvfy comp nodereach -n <node1>,<node2>

Verification of node reachability was unsuccessful on all the specified

nodes.

CVU operation performed:      node reachability

Date:                         Mar 23, 2019 9:46:30 PM

CVU home:                     <GI_HOME>

User:                         oracle

tried with domain name, just for kicks:

Workaround

None

Please note: The above is a summary description only. Actual symptoms can vary. Matching to any symptoms here does not confirm that you are encountering this problem. For questions about this bug please consult Oracle Support.

References

Bug:29529394 (This link will only work for PUBLISHED bugs)

Note:245840.1 Information on the sections in this article

郑全

INS-06005 During Grid Infrastructure Install Due to Missing Execution Access to ping Command (Doc ID 2301337.1)
Bug 30189609 - CVU Fails to Detect the Passwordless SSH as well as to Setup Passwordless SSH Connectivity (Doc ID 30189609.8)
Bug 30159782 - Remote Copy Fails if using openssh-7.2. 7.4, etc. (Doc ID 30159782.8)
GridSetup Results Error Remote node(s) not configured for passwordless SSH connectivity (Doc ID 2523358.1)
Bug 29529394 - DBCA/NETCA FAIL TO VERIFY SSH CONNECTIVITY [INS-06005] UNABLE TO GET SSH CONNECTIVITY DETAILS (Doc ID 29529394.8)
INS-06006 GI RunInstaller Fails If OpenSSH Is Upgraded to 8.x (Doc ID 2555697.1)

19.7以下版本安装存在的问题