【RAC】RAC 實現IP訪問控制

楊奇龍發表於2011-12-15
   關於oracle實現ip 訪問控制的資料見我的另一篇文章《sqlnet.ora 訪問控制策略
相對與單節點的oracle ,11gr2 rac中,listener是配置在GRID_HOME,而不是ORACLE_HOME,所以我們要修改的sqlnet.ora檔案是在GI_HOME/network/admin目錄下的而非ORACLE_HOME/network/admin 目錄。
實驗環境:
資料庫版本 11.2.0.1.0
rac1 10.250.7.225
rac2 10.250.7.249 vip 10.250.7.112
rac3 10.250.7.241
1 最初的配置,tcp.invited_nodes只包含rac1,rac2兩個節點的ip,不包含rac3的ip
grid@rac1:/opt/11202/11.2.0/grid/network/admin>vim sqlnet.ora 
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
tcp.validnode_checking=yes
#允許訪問的ip
tcp.invited_nodes =(10.250.7.225,10.250.7.249)
ADR_BASE = /opt/rac/grid

grid@rac2:/opt/11202/11.2.0/grid/network/admin>vim sqlnet.ora       
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
tcp.validnode_checking=yes
#允許訪問的ip
tcp.invited_nodes =(10.250.7.249,10.250.7.225)
ADR_BASE = /opt/rac/grid
2 在rac3 上進行測試tnsping rac1 rac2 
oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>tnsping rac1
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 15-DEC-2011 16:19:46
Copyright (c) 1997, 2009, Oracle.  All rights reserved.
Used parameter files:
/opt/oracle/11.2.0/alifpre/network/admin/sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.225)(PORT = 1521))) (CONNECT_DATA = (SID = rac1)))
TNS-12547: TNS:lost contact
oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>tnsping rac2
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 15-DEC-2011 16:19:48
Copyright (c) 1997, 2009, Oracle.  All rights reserved.
Used parameter files:
/opt/oracle/11.2.0/alifpre/network/admin/sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.112)(PORT = 1521))) (CONNECT_DATA = (SID = rac2)))
TNS-12547: TNS:lost contact

分別修改rac1 rac2 的 sqlnet.ora檔案
grid@rac2:/opt/11202/11.2.0/grid/network/admin>vim sqlnet.ora       
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
tcp.validnode_checking=yes
#允許訪問的ip
tcp.invited_nodes =(10.250.7.249,10.250.7.241)
ADR_BASE = /opt/rac/grid
3 修改之後必須重啟監聽,(這個對於生產庫比較麻煩,最造成操作期間的新連線失敗)
grid@rac2:/opt/11202/11.2.0/grid/network/admin>srvctl stop listener 
grid@rac2:/opt/11202/11.2.0/grid/network/admin>srvctl start listener
grid@rac1:/opt/11202/11.2.0/grid/network/admin>vim sqlnet.ora        
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
tcp.validnode_checking=yes
#允許訪問的ip
tcp.invited_nodes =(10.250.7.225,10.250.7.241)
ADR_BASE = /opt/rac/grid
重啟監聽!
grid@rac1:/opt/11202/11.2.0/grid/network/admin>srvctl stop listener  
grid@rac1:/opt/11202/11.2.0/grid/network/admin>srvctl start listener
4 再次進行測試:
oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>tnsping rac2
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.112)(PORT = 1521))) (CONNECT_DATA = (SID = rac2)))
OK (0 msec)
oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>tnsping rac1
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.225)(PORT = 1521))) (CONNECT_DATA = (SID = rac1)))
OK (10 msec)
成功配置!

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/22664653/viewspace-713396/,如需轉載,請註明出處,否則將追究法律責任。

相關文章