Exadata Database Machine V2
 

PLA-Support>Eng Systems>Exadata/ODA/SSC>Oracle Exadata>DB: Exadata_EST
 

Applies to:

Goal

You have an Exadata Rack using ZFS Backup Storage, which runs the Exadata Backup Configuration Utility.

The script exadata_bcu no longer works after running Exadata Hardeneing, ie /opt/oracle.SupportTools/harden_passwords_reset_root_ssh.

Fix

Once Exadata Hardeneing, ie /opt/oracle.SupportTools/harden_passwords_reset_root_ssh, is run, the authorised ssh keys setup on the hosts are removed. 

The Exadata Backup Configuration Utility script relies on these keys for authentication.

This has been logged as unpublished BUG 15802017 - SUNBT7181862 Exadata hardening (/opt/oracle.SupportTools/harden_passwords_reset. 

This fix will be available in version 1.1.1 of the Exadata Backup Configuration Utility.

In the meanwhile you can use the following Workaround:

$ ./exadata_bcu (Exit after Step 1)

$ ssh root@dbnode-01
dbnode-01 # ssh-keygen -t rsa
dbnode-01 # dcli -l root -g ~oracle/dbs_group -k
dbnode-01 # exit

$ ./install_key -t exadata root@dbnode-01

$ ./exadata_bcu -t template/<db-name> (Resume and skip to Step 2)

After completing the Step 2, the ssh key setup may be removed.

$ ssh root@cell-01
dbnode-01 # dcli -l root -c dbnode-08 rm -rf .ssh
dbnode-01 # dcli -l root -c dbnode-07 rm -rf .ssh
...
dbnode-01 # dcli -l root -c dbnode-02 rm -rf .ssh
dbnode-01 # dcli -l root -c dbnode-01 rm -rf .ssh

There also has been an Enhancement Request filed to support sudo: 

BUG 15810815 - SUNBT7192337 support non-root login through sudo to configure Exadata nodes

References

This solution has no attachment