How to Move the Oracle 19c ASM Password File In And Out of ASM - ptdb

Per default, the Oracle ASM Password file is located in ASM itself. To be more precise, it is in the following
location +DATA/orapwasm which is a symbolic link to orapwasm => +DATA/ASM/PASSWORD/pwdasm.256.1055063947

[oracle@ocm200 dbs]$ srvctl config asm
ASM home: <CRS home>
Password file: +DATA/orapwasm
Backup of Password file:
ASM listener: LISTENER
Spfile: /u01/grid/19c/dbs/spfile+ASM.ora
ASM diskgroup discovery string: /dev/oracleasm/*

ASMCMD> pwd
+data
ASMCMD> ls -l
Type      Redund  Striped  Time             Sys  Name
                                            Y    ASM/
                                            N    CDB/
PASSWORD  UNPROT  COARSE   OCT 29 09:00:00  N    orapwasm => +DATA/ASM/PASSWORD/pwdasm.256.1055063947

However, every now and than, you might want to copy the ASM password file out of ASM and put it on a filesystem. E.g. As part of your backup strategy, you might want to backup the ASM password file every week to another location.

Remember that the password file in Oracle 19c is not so simple anymore as it used to be. It may be of different format {12|12.2}, and it may contain besides the SYS user a few others, like SYSBACKUP, SYSDG and SYSKM. And also remember that the ASM password is not backed up by RMAN automatically.

If I may convinced you that the ASM password file can have some importance, the next question would be: How do I backup and restore this file. This is where the pwcopy command comes into play. pwcopy is quite well documented, if you type in “help pwcopy” in the ASMCMD you will get the whole syntax.

ASMCMD> help pwcopy
pwcopy
        Copy a password file from one disk group to another,
        from OS to a disk group, or from a disk group to OS

Synopsis
        pwcopy [ --dbuniquename <string> | --asm ][-f]
        <source_path> <destination_path>

Description
        The options for pwcopy command are described below.

       --dbuniquename       -  The dbuniquename parameter identifies
                               which database resource to update with
                               the password file location. This
                               parameter is required if the database
                               password file location is to be updated
                               on the CRS resource.
       --asm                -  The asm switch tells ASMCMD that the
                               password file to be copied is an ASM
                               password file rather than a database
                               password file. This parameter is required
                               if the asm password file location is to be
                               updated on the CRS resource.
       -f                   -  Force Option. If -f is specified, then password
                               file is copied without any checks.

Examples
        The first example uses pwcopy to copy an existing
        password file to a new location on a different ASM diskgroup.
        It also updates the corresponding CRS resource with the new
        location if --asm or --dbuniquename flag is specified.
        The second example uses pwcopy to copy a password file
        from a diskgroup to OS.  The third example uses pwcopy to copy a
        password file from one diskgroup to another, with -f option.
        In this case, if --asm has a password file associated, will be
        cleared and new file will be registered.

        ASMCMD [+] > pwcopy --asm +DG/mydir/mypwfile +DG1/pwfiles/mypwfile
        copying +DG/mypwfile -> +DG1/pwfiles/mypwfile

        ASMCMD [+] > pwcopy +DG/mydir/mypwfile /home/asmuser/pwfiles/mypwfile
        copying +DG/mypwfile -> /home/asmuser/pwfiles/mypwfile

        ASMCMD [+] > pwcopy --asm -f +DG1/mydir/mypwfile +DG2/mydir2/mypwfile2

See Also
       pwcreate pwdelete pwmove pwset pwget

ASMCMD>

So let’s fire up the pwcopy command and see if it works. After doing so, you might face the first issue. The pwcopy does not like the + sign in orapw+ASM. You need to specify orapwASM instead.

ASMCMD> pwcopy +DATA/orapwasm /u01/grid/19c/dbs/orapw+ASM
ASMCMD-8005: directory '/u01/grid/19c/dbs/orapw+ASM' is ambiguous

ASMCMD> pwcopy +DATA/orapwasm /u01/grid/19c/dbs/orapwASM
copying +DATA/orapwasm -> /u01/grid/19c/dbs/orapwASM

And please notice that it had no effect on the cluster resource. The password file entry still points to +DATA/orapwasm

[oracle@ocm200 dbs]$ srvctl config asm
ASM home: <CRS home>
Password file: +DATA/orapwasm
Backup of Password file:
ASM listener: LISTENER
Spfile: /u01/grid/19c/dbs/spfile+ASM.ora
ASM diskgroup discovery string: /dev/oracleasm/*

After we have moved the ASM password file to the file system, we can change the ASM cluster resource as well.

[oracle@ocm200 dbs]$ srvctl modify asm -pwfile /u01/grid/19c/dbs/orapwASM
[oracle@ocm200 dbs]$
[oracle@ocm200 dbs]$ srvctl config asm
ASM home: <CRS home>
Password file: /u01/grid/19c/dbs/orapwASM
Backup of Password file:
ASM listener: LISTENER
Spfile: /u01/grid/19c/dbs/spfile+ASM.ora
ASM diskgroup discovery string: /dev/oracleasm/*

The old password file in ASM is still there.

ASMCMD> ls -l
Type      Redund  Striped  Time             Sys  Name
                                            Y    ASM/
                                            N    CDB/
PASSWORD  UNPROT  COARSE   OCT 27 05:00:00  N    orapwasm => +DATA/ASM/PASSWORD/pwdasm.256.1054878913

Before we continue, make sure that you make an extra copy of the ASM Password file (the one that is on the filesystem). Will show you later why.

[oracle@ocm200 dbs]$ pwd
/u01/grid/19c/dbs
[oracle@ocm200 dbs]$ cp orapwASM orapwASM.bkp

So what happens, if you use the pwdelete –asm command?

ASMCMD> pwdelete --asm
ASMCMD>

[oracle@ocm200 dbs]$ srvctl config asm
ASM home: <CRS home>
Password file:
Backup of Password file:
ASM listener: LISTENER
Spfile: /u01/grid/19c/dbs/spfile+ASM.ora
ASM diskgroup discovery string: /dev/oracleasm/*

[oracle@ocm200 dbs]$ ls -l | grep orapw
-rw-r-----. 1 oracle oinstall 2560 Oct 29 09:28 orapwASM.bkp

Oopppsss … it deletes the entry in the cluster resource and also deletes the orapwASM file which was on the file system.

So … take care with the pwdelete –asm command.

The good news is, that the ASM password file still exist. And because we are careful DBA’s, we do have the backup file orapwASM.bkp as well.

ASMCMD> ls -l
Type      Redund  Striped  Time             Sys  Name
                                            Y    ASM/
                                            N    CDB/
PASSWORD  UNPROT  COARSE   OCT 29 09:00:00  N    orapwasm => +DATA/ASM/PASSWORD/pwdasm.256.1055063947

Now I will remove the leftovers as well.

ASMCMD> pwdelete +DATA/ASM/PASSWORD/pwdasm.256.1055063947
ASMCMD>

ASMCMD> ls -l
Type  Redund  Striped  Time  Sys  Name
                             Y    ASM/
                             N    CDB/

The current situation is:

There is no Password file entry in the ASM cluster resource
The Password file /u01/grid/19c/dbs/orapwASM does not exist (was deleted automatically)
But we have our backup orapwASM.bkp

To fix this mess, we need now to move orapwASM.bkp to orapwASM and register it again in the ASM cluster resource

[oracle@ocm200 dbs]$ mv orapwASM.bkp orapwASM
[oracle@ocm200 dbs]$

[oracle@ocm200 dbs]$ srvctl modify asm -pwfile /u01/grid/19c/dbs/orapwASM
[oracle@ocm200 dbs]$

[oracle@ocm200 dbs]$ srvctl config asm
ASM home: <CRS home>
Password file: /u01/grid/19c/dbs/orapwASM
Backup of Password file:
ASM listener: LISTENER
Spfile: /u01/grid/19c/dbs/spfile+ASM.ora
ASM diskgroup discovery string: /dev/oracleasm/*

OK. After a little bit of trouble, we are back in business again. 🙂

Now … how do we get the ASM password file from file system back to +ASM. This way it is a little bit easier.

ASMCMD> pwcopy --asm /u01/grid/19c/dbs/orapwASM +DATA/orapwasm
ASMCMD-8028: Password file '/u01/grid/19c/dbs/orapwASM' is associated with 'asm' already. Use the force option.

Oracle says, that the password file ‘/u01/grid/19c/dbs/orapwASM’ for ASM is already register with the ASM cluster resource (which is true), so we
need to use the force option here. If -f is specified, then password file is copied without any checks.

ASMCMD> pwcopy --asm -f /u01/grid/19c/dbs/orapwASM +DATA/orapwasm
copying /u01/grid/19c/dbs/orapwASM -> +DATA/orapwasm

OK. Now it worked and we have the ASM password back on ASM itself, and the ASM cluster resource looks good as well.

ASMCMD> ls -l
Type      Redund  Striped  Time             Sys  Name
                                            Y    ASM/
                                            N    CDB/
PASSWORD  UNPROT  COARSE   OCT 29 09:00:00  N    orapwasm => +DATA/ASM/PASSWORD/pwdasm.256.1055065371

[oracle@ocm200 dbs]$ srvctl config asm
ASM home: <CRS home>
Password file: +DATA/orapwasm
Backup of Password file:
ASM listener: LISTENER
Spfile: /u01/grid/19c/dbs/spfile+ASM.ora
ASM diskgroup discovery string: /dev/oracleasm/*

In case the remote SYS connection should not work immediately, you might want to speed up the process by executing the following command.


SQL> ALTER SYSTEM FLUSH PASSWORDFILE_METADATA_CACHE;

System altered.

Conclusion

You might want to rethink your backup strategy and include the ASM password file. Besides that, take care with the pwcopy/pwdelete command, because, depending on your usage, it will automatically change your ASM cluster resource and potentially delete the password file.

Cheers

William

Post Views: 1,208

Conclusion

You Might Also Like

How To Upgrade The TimeZone Version On Oracle 18.1.5 CDB With PDB’s From Version 31 to 33

How To Clone A CentOS/RHEL 8.2 Virtual Box VM With A Pre-Installed 19c Oracle Restart Grid Infrastructure

ORACLE: How To Relink Oracle Restart (Grid Infrastructure) 21c on OEL 8.7