Oracle 19c Installer: Root Equivalence Fails

 

Oracle 19c Installer: Root Equivalence Fails

Abstract:

The Oracle Installer is a common component for interactions with Oracle databases. It has a tendency of being a little buggy, very sensitive to the underlying operating system. When Solaris 11.4 upgraded, some of the underlying components are no longer compatible with the 19c installer, so workarounds must be implemented.

[Oracle RAC Architecture, courtesy Oracle Tutorial]

Oracle Architecture

When the installer is setting up the database in a RAC cluster, there is a procedure to set up root equivalence or test root equivalence. This is essentially password-less ssh between clustered nodes The process performs an "scp" of a file between the clustered hosts, and this can fail.

What can possibly go wrong?

A complete list of common failures and workarounds for the installer is located in an Oracle Note:
TOP Note: Solutions for Typical Grid Infrastructure/RAC Database runInstaller Issues (Doc ID 1056713.1)

The Oracle19c installer does not do "strict filename checking", which makes it incompatible with OpenSSH 8.x and newer since Versions 8.x and above enable “strict filename checking” by default. 

See Oracle Doc ID 2555697.1

Does it apply to my situation?

The scp binary must be wrapped with a script that calls the binary with a special compatibility flag.
(Note: fix will be undone as future “ssh” patches are applied and the workaround will need repeating if installer is needed in the future... which is why the procedure I provide below is important, so the wrapper script does not get purged during an upgrade.)

Check version of ssh to determine if system Oracle 19c is installing against is too new.

sun2202/oracle$ ssh -V
OpenSSH_8.1p1, OpenSSL 1.0.2u  20 Dec 2019

Note: The ssh software is too new for the Oracle 19c installer

Verify ssh is a binary and the workaround / fix has not already been implemented.

sun9999/oracle$ ls -alt /usr/bin/scp
-r-xr-xr-x   1 root     bin       135864 Jan  6 02:49 /usr/bin/scp

sun9999/oracle$ file /usr/bin/scp
/usr/bin/scp:       ELF 64-bit MSB dynamic lib SPARCV9 Version 1, UltraSPARC3 Extensions Required, position-independent executable, dynamically linked, not stripped, no debugging information available

Note: The scp command appears to be an original OS binary, meaning a wrapper can be applied.

What is the work around?

If the old Oracle 19c Installer is used, create shell wrapper to disable “strict filename checking.”

Create the wrapper and check permissions & ownership.

sun9999/root# cat /usr/bin/scp.Doc.ID.2555697.1

#
# bug in oracle installer, for compatibility with OpenSSH 8.x
# INS-06006 GI RunInstaller Fails If OpenSSH Is Upgraded to 8.x
# (Doc ID 2555697.1)
#
/usr/bin/scp.orig -T $* 

sun9999/root# ls -al /usr/bin/scp.Doc.ID.2555697.1
-r-xr-xr-x 1 root  bin   209 Jun 15  2020 /usr/bin/scp.Doc.ID.2555697.1

Note: the shell wrapper above was created, disables checking, and has corret permissions & ownership.

Show Binaries & Shell Wrapper

sun9999/root# ls -alt /usr/bin/scp*
-r-xr-xr-x 1 root bin 135864 Jan  6 02:49 /usr/bin/scp
-r-xr-xr-x 1 root bin    209 Jun 15  2020 /usr/bin/scp.Doc.ID.2555697.1

Copy binary to “.orig” for Wrapper, Move binary to backup [by OS patch], and Copy Wrapper in place.

sun9999/root# uname -a
SunOS sun2202 5.11 11.4.28.82.3 sun4v sparc sun4v

sun9999/oracle$ Backup=/usr/bin/scp.11.4.28

sun9999/oracle$ echo $Backup
/usr/bin/scp.11.4.28

sun9999/root# cp -p  /usr/bin/scp /usr/bin/scp.orig
sun9999/root# mv     /usr/bin/scp $Backup
sun9999/root# scp -p /usr/bin/scp.Doc.ID.2555697.1 /usr/bin/scp

sun9999/root# chown root:bin     /usr/bin/scp
sun9999/root# chmod 555          /usr/bin/scp

Show Binaries & Shell Wrapper

sun9999/root# ls -alt /usr/bin/scp*
-r-xr-xr-x 1 root bin    209 Jan 19 16:23 /usr/bin/scp
-r-xr-xr-x 1 root bin 135864 Jan  6 02:49 /usr/bin/scp.11.4.28
-r-xr-xr-x 1 root bin 135864 Jan  6 02:49 /usr/bin/scp.orig
-r-xr-xr-x 1 root bin    209 Jun 15  2020 /usr/bin/scp.Doc.ID.2555697.1

Verify scp script is functional

sun9999/oracle$ type scp
scp is hashed (/usr/bin/scp)

sun9999/oracle$ scp
usage: scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]
            [-J destination] [-l limit] [-o ssh_option] [-P port]
            [-S program] source ... target

Instruct the DBA’s to resume use of the Oracle 19c installer

Caveats:

When an upgrade happens, it will be important to identify if the "scp" command is no longer a script and has been reverted to the binary.

If this had occurred, follow the same steps above:

1. creating a new ".orig"
2. create a new backup of the binary tagging it by what OS release & SRU
3. copy the wrapper back into place, with proper ownership & permissions

With the old wrapper & backups in place, you should be able to figure out what needs to be done without trying to find these instructions again.