關於oracle實現ip 訪問控制的資料見我的另一篇文章《sqlnet.ora 訪問控制策略》

相對與單節點的oracle ，11gr2 rac中，listener是配置在GRID_HOME，而不是ORACLE_HOME,所以我們要修改的sqlnet.ora檔案是在GI_HOME/network/admin目錄下的而非ORACLE_HOME/network/admin 目錄。

實驗環境：

資料庫版本 11.2.0.1.0

rac1 10.250.7.225

rac2 10.250.7.249 vip 10.250.7.112

rac3 10.250.7.241

1 最初的配置，tcp.invited_nodes只包含rac1，rac2兩個節點的ip,不包含rac3的ip

grid@rac1:/opt/11202/11.2.0/grid/network/admin>vim sqlnet.ora

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)

tcp.validnode_checking=yes

#允許訪問的ip

tcp.invited_nodes =(10.250.7.225,10.250.7.249)

ADR_BASE = /opt/rac/grid

grid@rac2:/opt/11202/11.2.0/grid/network/admin>vim sqlnet.ora

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)

tcp.validnode_checking=yes

#允許訪問的ip

tcp.invited_nodes =(10.250.7.249,10.250.7.225)

ADR_BASE = /opt/rac/grid

2 在rac3 上進行測試tnsping rac1 rac2

oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>tnsping rac1

TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 15-DEC-2011 16:19:46

Used parameter files:

/opt/oracle/11.2.0/alifpre/network/admin/sqlnet.ora

Used TNSNAMES adapter to resolve the alias

Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.225)(PORT = 1521))) (CONNECT_DATA = (SID = rac1)))

TNS-12547: TNS:lost contact

oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>tnsping rac2

TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 15-DEC-2011 16:19:48

Used parameter files:

/opt/oracle/11.2.0/alifpre/network/admin/sqlnet.ora

Used TNSNAMES adapter to resolve the alias

Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.112)(PORT = 1521))) (CONNECT_DATA = (SID = rac2)))

TNS-12547: TNS:lost contact

分別修改rac1 rac2 的 sqlnet.ora檔案

grid@rac2:/opt/11202/11.2.0/grid/network/admin>vim sqlnet.ora

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)

tcp.validnode_checking=yes

#允許訪問的ip

tcp.invited_nodes =(10.250.7.249,10.250.7.241)

ADR_BASE = /opt/rac/grid

3 修改之後必須重啟監聽，(這個對於生產庫比較麻煩,最造成操作期間的新連線失敗)

grid@rac2:/opt/11202/11.2.0/grid/network/admin>srvctl stop listener

grid@rac2:/opt/11202/11.2.0/grid/network/admin>srvctl start listener

grid@rac1:/opt/11202/11.2.0/grid/network/admin>vim sqlnet.ora

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)

tcp.validnode_checking=yes

#允許訪問的ip

tcp.invited_nodes =(10.250.7.225,10.250.7.241)

ADR_BASE = /opt/rac/grid

重啟監聽！

grid@rac1:/opt/11202/11.2.0/grid/network/admin>srvctl stop listener

grid@rac1:/opt/11202/11.2.0/grid/network/admin>srvctl start listener

4 再次進行測試：

oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>tnsping rac2

Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.112)(PORT = 1521))) (CONNECT_DATA = (SID = rac2)))

OK (0 msec)

oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>tnsping rac1

Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.225)(PORT = 1521))) (CONNECT_DATA = (SID = rac1)))

OK (10 msec)

成功配置！

【RAC】RAC 實現IP訪問控制

相關文章