ASM device error ORA-27041 ORA-15025 ORA-15081 (Doc ID 1487475.1)

rongshiyuan發表於2014-03-10
ASMdevError

ASM device error ORA-27041 ORA-15025 ORA-15081 (Doc ID 1487475.1)

In this Document

Symptoms
Cause
Solution
References

Applies to:

Oracle Database - Enterprise Edition - Version 11.2.0.1 to 11.2.0.4 [Release 11.2]
Information in this document applies to any platform.

Symptoms

 1. All ASM diskgroups are currently mounted

2. Majority of the business applications are running without any issue.

3. There is no issue when connecting to RDBMS using RDBMS OS user ( example "oracle" user )

4. Role separation  between ASM devices and RDBMS has been implemented.
    For example,  grid for ASM instance & oracle for RDBMS instance

5. The following error is reported in RDBMS alert.log.

   ORA-15025: could not open disk '/dev/rhdisk10'
   ORA-27041: unable to open file
   IBM AIX RISC System/6000 Error: 13: Permission denied
   Additional information: 11                      
   ORA-01115: IO error reading block from file 1
   ORA-01110: data file 1; +DATA/orcl/system
   ORA-15081: failed to submit an I/O operation to a disk
   ORA-01110: data file 1; +DATA/orcl/system; ORA-15081: failed to submit an I/O operation to a disk

 

 

 
   

Cause


This issue can happen with wrong permission of oracle binary from RDBMS home or wrong permission of ASM devices.  The group owner of oracle binary from RDBMS home should be the same as the group owner of all ASM devices with setuid and setgid bit configured, so that any user connecting RDBMS can have the group priviledge configured for oracle binary.

For example, if all ASM devices are owned by "asmadmin" group, the group of oracle binary should be set to "asmadmin" with setgid priviledge.

And the group owner of ASM devices should be the same as the one specified as sysasm group on GRID installation and can be checked with the following command.

$ cat $GRID_HOME/rdbms/lib/config.[sc] | grep -i SS_ASM_GRP


Examples of wrong configuration for role separation between GRID and RDBMS.

RDBMS OS user         : oracle
GRID OS user           : grid
SYSASM group owner : asmadmin
$ cat $GRID_HOME/rdbms/lib/config.[sc]  | grep -i SS_ASM_GRP
#define SS_ASM_GRP "asmadmin"
char *ss_dba_grp[] = {SS_DBA_GRP, SS_OPER_GRP, SS_ASM_GRP};

 

CASE GRID(oracle binary) RDBMS(oracle binary) ASM Devices permission Impact
1. Wrong ASM device group permission -rwsr-s--x 1 grid oinstall -rwsr-s--x 1 oracle asmadmin  brw-rw---- 1 grid dba ( or asmdba )

Database connections using oracle user does not have any issue as oracle user usually belong to dba as a secondary group who has read/write permission on ASM devices.

But any user who does not belong to dba group will cause the error described in the symptom.

2. Wrong oracle group permission from RDBMS   -rwsr-s--x 1 grid oinstall  -rwsr-s--x 1 oracle oinstall   brw-rw---- 1 grid asmadmin Database will not start up as even oracle user does not  have enough priviledge to read/write from/to ASM devices
3. Wrong oracle  binary group permission from RDBMS and wrong ASM device group permission     -rwsr-s--x 1 grid oinstall -rwsr-s--x 1 oracle oinstall  brw-rw---- 1 grid oinstall

Any user who doesn't belong to oinstall group will cause the error described in the symptom above.

And  this is not a real role separation between ASM ( SA - Storage team )  and RDBMS ( DBA team ) as all users belonged to oinstall group can destroy ASM devices using OS command such as "dd" etc.

4. No setuid bit for oracle binary from RDBMS Home    -rwsr-s--x 1 grid oinstall -rwxr-x--x 1 oracle asmadmin  brw-rw---- 1 grid asmadmin Any user other than oracle will cause the error described in the symptom above
5. No setuid bit for oracle binary from GRID Home   -rwxr-x--x 1 grid oinstall  rwsr-s--x 1 oracle asmadmin   brw-rw---- 1 grid asmadmin Database will not start up with ORA-00205 and ORA-27123 error from RDBMS side. See Oracle Note 1487382.1
6. Correct Permission for role separation  -rwsr-s--x 1 grid oinstall -rwsr-s--x 1 oracle asmadmin    brw-rw---- 1 grid asmadmin No issue.

 

Solution

1. Implement the correct permission for oracle binary from GRID and RDBMS Home and ASM devices.

  GRID(oracle binary) RDBMS(oracle binary) ASM Devices permission
Correct Permission for role separation -rwsr-s--x 1 grid oinstall -rwsr-s--x 1 oracle asmadmin  brw-rw---- 1 grid asmadmin

 

2. How to add setuid and setgid bit to oracle binary

    Shutdown RDBMS ( or ASM ) instance

    $ chmod 6751 oracle

    And start up instance

3. How to change the group permission of oracle binary from RDBMS home.

    - See Oracle Note 1084186.1

   << Confirm sysasm group name using "$ cat $GRID_HOME/rdbms/lib/config.[sc]  | grep -i SS_ASM_GRP "


4. How to change the group permission of ASMLib devices.

4-1. Stop CRS ( or ASM instance )  from all nodes but this can be done in a rolling fashion in a situation where CRS stack can not be stopped at the same time.

# crsctl stop crs -f

 << This will shutdown RDBMS/ASM and CRS

4-2. Stop oracleasm 

# /sbin/service oracleasm stop

 << If ASMlib is not stopped properly, see Solution #2 ] in Oracle  Note 1444115.1 .

4-3. Reconfigure  ASMlib with the correct group ( ex. asmadmin )

# /usr/sbin/oracleasm configure -i

4-4. Startup ASMlib 

# /sbin/service oracleasm start

 
4-5. Check whether group infromation from all ASM disks in /dev/oracleasm/disks/* has been changed to correct group.

4-6. Start CRS
  

# crsctl start crs    

 

Simple Workaround

1. Give read permission to the world  for all ASM devices to check whether the issue is the same described in the Cause section because this error only happens on read operation from ASM devices.
    But this temporary workaround won't work on next reboot or on ASMlib restart as ASMLib restart will restore the original permission.
  

# chmod 664 /dev/oracleasm/disks/*  

 
2. If the group owner of oracle binary from RDBMS home has changed to conform to the group owner of ASM devices other than sysasm ( SS_ASM_GRP) group, chances are that the next RDBMS startup with srvctl will change the group owner to the original group, which is an expected behaviour. But the issue doesn't happen with sqlplus.




Appendix I

If  the impact of this issue  and which application or user causing this issue  have not been determined, run OSWatcher till the same error is reported and find process id in RDBMS alert.log to check which application or OS user is responsible for this error from oswps data.

- OS Watcher Black Box User Guide (Doc ID 301137.1)  

 

References

NOTE:1084186.1 - Database Creation on 11.2 Grid Infrastructure with Role Separation ( ORA-15025, KFSG-00312, ORA-15081 )
NOTE:1317692.1 - 11.2 Job Seperation causes WARNINGS and ORA-15025 ORA-27041 With Certain Users

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/17252115/viewspace-1104341/,如需轉載,請註明出處,否則將追究法律責任。

相關文章