OracleRAC集群白名单管理
AI-摘要
Tianli GPT
AI初始化中...
介绍自己
生成本文简介
推荐相关文章
前往主页
前往tianli博客
本文最后更新于 2023-12-08,文章内容可能已经过时。
RAC白名单管理
一.查看本地IP
[oracle@rac1 ~]$ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# public IP
10.204.38.15 rac1.localdomain rac1
10.204.38.16 rac2.localdomain rac2
# private IP
192.168.38.15 rac1-priv.localdomain rac1-priv
192.168.38.16 rac2-priv.localdomain rac2-priv
# virtual IP
10.204.38.19 rac1-vip.localdomain rac1-vip
10.204.38.20 rac2-vip.localdomain rac2-vip
# rac scan IP
10.204.38.17 rac-cluster-scan.localdomain rac-cluster-scan
[oracle@rac1 ~]$
记录所有 public IP,private IP,virtual IP,rac scan IP
二.修改集群监听配置
1.使用grid用户登录
[oracle@rac1 ~]$ su - grid
Password:
Last login: Fri Aug 11 13:35:54 CST 2023 on pts/3
[grid@rac1 ~]$
2.修改sqlnet.ora文件
白名单规则中必须将[本地IP](# 一.查看本地IP) 全部添加,否则监听会出现异常
RAC中所有节点都要修改sqlnet.ora
[grid@rac1 ~]$ echo $ORACLE_HOME
/u01/app/11.2.0/grid
[grid@rac1 ~]$ vim /u01/app/11.2.0/grid/network/admin/sqlnet.ora
g sqlnet.ora.rac1 Network Configuration File: /u01/app/11.2.0/grid/network/admin/sqlnet.ora.rac1
# Generated by Oracle configuration tools.
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
ADR_BASE = /u01/app/oracle
SQLNET.EXPIRE_TIME = 60
tcp.validnode_checking=yes #开启ip限制
tcp.invited_nodes=(11.64.0.31,11.64.0.65,11.64.0.41,10.204.38.15,10.204.38.16,10.204.38.17,192.168.38.15,192.168.38.16,10.204.38.19,10.204.38.20,11.64.0.64,11.64.0.47,11.64.0.61,11.64.0.36,11.64.0.60,1.64.0.44,11.64.0.57,11.64.0.34,11.64.0.52,11.64.0.59,11.64.0.32,11.64.0.63,11.64.0.42,11.64.0.31,10.204.38.18,11.64.3.51,11.64.3.52,11.64.3.53,11.64.3.54,11.64.3.55,11.64.3.56,11.64.3.57,11.64.3.58,11.64.3.59,11.64.3.60,11.64.3.61,10.204.38.13) #设置白名单规则
SQLNET.AUTHENTICATION_SERVICES = NONE
~
3.重启监听
每个节点分别启停,不能用 lsnrctl reload
[grid@rac1 ~]$ srvctl stop listener -n rac1
[grid@rac1 ~]$ srvctl start listener -n rac1
[grid@rac1 ~]$ srvctl stop listener -n rac2
[grid@rac1 ~]$ srvctl start listener -n rac2
4.查看监听状态
[grid@rac1 ~]$ lsnrctl status
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 11-AUG-2023 15:59:31
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date 11-AUG-2023 13:51:42
Uptime 0 days 2 hr. 7 min. 48 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/11.2.0/grid/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/rac1/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=LISTENER)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=10.204.38.15)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=10.204.38.19)(PORT=1521)))
Services Summary...
Service "+ASM" has 1 instance(s).
Instance "+ASM1", status READY, has 1 handler(s) for this service...
Service "xjxsora" has 1 instance(s).
Instance "xjxsora1", status READY, has 1 handler(s) for this service...
Service "xjxsoraXDB" has 1 instance(s).
Instance "xjxsora1", status READY, has 1 handler(s) for this service...
The command completed successfully
[grid@rac1 ~]$
评论
隐私政策
你无需删除空行,直接评论以获取最佳展示效果