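Installing, Configuring and Verifying COST (orapki)

Posted by YallonKing on 2012-09-12
/*Configuring COST*/
At the request of a business branch of a telecom company, COST is to be installed. Here COST is configured and verified in a test environment.
--Reference document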
--Using Class of Secure Transport (COST) to Restrict Instance Registration in Oracle RAC [ID 1340831.1]  
[oracle@rac1 ~]$ crs_stat -t
Name           Type           Target    State     Host       
------------------------------------------------------------
ora....SM1.asm application    ONLINE    ONLINE    rac1       
ora....C1.lsnr application    ONLINE    ONLINE    rac1       
ora.rac1.gsd   application    ONLINE    ONLINE    rac1       
ora.rac1.ons   application    ONLINE    ONLINE    rac1       
ora.rac1.vip   application    ONLINE    ONLINE    rac1       
ora....SM2.asm application    ONLINE    ONLINE    rac2       
ora....C2.lsnr application    ONLINE    ONLINE    rac2       
ora.rac2.gsd   application    ONLINE    ONLINE    rac2       
ora.rac2.ons   application    ONLINE    ONLINE    rac2       
ora.rac2.vip   application    ONLINE    ONLINE    rac2       
ora.racdb.db   application    ONLINE    ONLINE    rac2       
ora....b1.inst application    ONLINE    ONLINE    rac1       
ora....b2.inst application    ONLINE    ONLINE    rac2 
--Create the directory that holds the COST wallet (all nodes)
[oracle@rac1 ~]$ mkdir /opt/ora10g/product/database/network/admin/cost
--Create the key (all nodes)
[oracle@rac1 ~]$ orapki wallet create -wallet /opt/ora10g/product/database/network/admin/cost
Enter password:         
  
Enter password again:         
  
[oracle@rac1 ~]$ orapki wallet add -wallet /opt/ora10g/product/database/network/admin/cost -self_signed -dn "cn=secure_register" -keysize 1024 -validity 3650
Enter wallet password: 
[oracle@rac1 ~]$ orapki wallet display -wallet /opt/ora10g/product/database/network/admin/cost
Enter wallet password:         
  
Requested Certificates:
User Certificates:
Subject:        CN=secure_register
Trusted Certificates:
Subject:        CN=GTE CyberTrust Root,O=GTE Corporation,C=US
Subject:        U=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        U=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        U=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        U=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US
Subject:        CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US
Subject:        CN=secure_register
Subject:        CN=Entrust.net Secure Server Certification Authority,OU=(c) 2000 Entrust.net Limited,OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.),O=Entrust.net
Subject:        CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
Subject:        CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS incorp. by ref. (limits liab.),O=Entrust.net,C=US

[oracle@rac2 ~]$ mkdir /opt/ora10g/product/database/network/admin/cost
[oracle@rac1 cost]$ scp /opt/ora10g/product/database/network/admin/cost/*.* rac2:/opt/ora10g/product/database/network/admin/cost/
ewallet.p12                                                   100%   10KB   9.8KB/s   00:00
--Create the key on each node separately
[oracle@rac1 ~]$ orapki wallet create -wallet /opt/ora10g/product/database/network/admin/cost -auto_login
Enter wallet password:        
[oracle@rac2 ~]$ orapki wallet create -wallet /opt/ora10g/product/database/network/admin/cost -auto_login
Enter wallet password:    
--Modify the listener configuration (all nodes)
[oracle@rac1 admin]$ pwd
/opt/ora10g/product/database/network/admin
[oracle@rac1 admin]$ cat listener.ora
# listener.ora.rac1 Network Configuration File: /opt/ora10g/product/database/network/admin/listener.ora.rac1
# Generated by Oracle configuration tools.
LISTENER_RAC1 =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
     # (ADDRESS = (PROTOCOL = IPC)(KEY = REGISTER))
      (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = rac1-vip)(PORT = 1523)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.137.151)(PORT = 1521)(IP = FIRST))
    )
  )
#cost add
WALLET_LOCATION =
   (SOURCE =
    (METHOD = FILE)
     (METHOD_DATA =
      (DIRECTORY = /opt/ora10g/product/database/network/admin/cost)
     )
   )
#SECURE_REGISTER_LISTENER_RAC1 = (IPC)
#SECURE_REGISTER_LISTENER_RAC1 = (TCP,TCPS)
 
SID_LIST_LISTENER_RAC1 =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = /opt/ora10g/product/database)
      (PROGRAM = extproc)
    )
  )

[oracle@rac2 admin]$ cat listener.ora
# listener.ora.rac2 Network Configuration File: /opt/ora10g/product/database/network/admin/listener.ora.rac2
# Generated by Oracle configuration tools.
LISTENER_RAC2 =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = rac2-vip)(PORT = 1523)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.137.152)(PORT = 1521)(IP = FIRST))
    )
  )
#cost add
WALLET_LOCATION =
   (SOURCE =
    (METHOD = FILE)
     (METHOD_DATA =
      (DIRECTORY = /opt/ora10g/product/database/network/admin/cost)
     )
   )
#SECURE_REGISTER_LISTENER_RAC2 = (TCP,TCPS)
SID_LIST_LISTENER_RAC2 =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = /opt/ora10g/product/database)
      (PROGRAM = extproc)
    )
  )
#LISTENER =
#  (DESCRIPTION_LIST =
#    (DESCRIPTION =
#      (ADDRESS = (PROTOCOL = TCP)(HOST = rac2)(PORT = 1521))
#    )
#  )
--Restart the listener on each node
[oracle@rac1 ~]$ srvctl stop listener -n rac1
[oracle@rac1 ~]$ srvctl start listener -n rac1
[oracle@rac1 ~]$ lsnrctl status
LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 15:10:18
Copyright (c) 1991, 2010, Oracle.  All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias                     LISTENER_RAC1
Version                   TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date                12-SEP-2012 15:10:12
Uptime                    0 days 0 hr. 0 min. 6 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File         /opt/ora10g/product/database/network/log/listener_rac1.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.153)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.153)(PORT=1523)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.151)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully
[oracle@rac2 ~]$ srvctl stop listener -n rac2
[oracle@rac2 ~]$ srvctl start listener -n rac2
[oracle@rac2 ~]$ lsnrctl status
LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 15:11:33
Copyright (c) 1991, 2010, Oracle.  All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=rac2)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER_RAC2
Version                   TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date                12-SEP-2012 15:11:27
Uptime                    0 days 0 hr. 0 min. 5 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File         /opt/ora10g/product/database/network/log/listener_rac2.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.154)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.154)(PORT=1523)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.152)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully
--Configure sqlnet.ora on all nodes
[oracle@rac1 admin]$ pwd
/opt/ora10g/product/database/network/admin
[oracle@rac1 admin]$ cat sqlnet.ora
WALLET_LOCATION =
   (SOURCE =
    (METHOD = FILE)
     (METHOD_DATA =
      (DIRECTORY = /opt/ora10g/product/database/network/admin/cost)
     )
   )
 
[oracle@rac1 admin]$ scp sqlnet.ora rac2:/opt/ora10g/product/database/network/admin/
sqlnet.ora                                                    100%  151     0.2KB/s   00:00
--Check the remote_listener setting
[oracle@rac1 ~]$ sqlplus /nolog
SQL*Plus: Release 10.2.0.5.0 - Production on Wed Sep 12 15:19:38 2012
Copyright (c) 1982, 2010, Oracle.  All Rights Reserved.
SQL> conn /as sysdba
Connected.
SQL> show parameter remote_listener
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
remote_listener                      string      LISTENERS_RACDB
--Modify tnsnames.ora on all nodes
[oracle@rac1 admin]$ pwd
/opt/ora10g/product/database/network/admin
[oracle@rac1 admin]$ cat tnsnames.ora
# tnsnames.ora Network Configuration File: /opt/ora10g/product/database/network/admin/tnsnames.ora
# Generated by Oracle configuration tools.
RACDB1 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = racdb)
      (INSTANCE_NAME = racdb1)
    )
  )
RACDB =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521))
    (LOAD_BALANCE = yes)
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = racdb)
    )
  )
LISTENERS_RACDB =
  (ADDRESS_LIST =
   # (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521))
   # (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCPS)(HOST = rac1-vip)(PORT = 1523))
    (ADDRESS = (PROTOCOL = TCPS)(HOST = rac2-vip)(PORT = 1523))
  )
EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
    )
    (CONNECT_DATA =
      (SID = PLSExtProc)
      (PRESENTATION = RO)
    )
  )
RACDB2 =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.137.152)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = racdb2)
    )
  )

[oracle@rac2 admin]$ pwd
/opt/ora10g/product/database/network/admin
[oracle@rac2 admin]$ cat tnsnames.ora
# tnsnames.ora Network Configuration File: /opt/ora10g/product/database/network/admin/tnsnames.ora
# Generated by Oracle configuration tools.
RACDB2 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = racdb)
      (INSTANCE_NAME = racdb2)
    )
  )
RACDB =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521))
    (LOAD_BALANCE = yes)
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = racdb)
    )
  )
LISTENERS_RACDB =
  (ADDRESS_LIST =
   # (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521))
   # (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCPS)(HOST = rac1-vip)(PORT = 1523))
    (ADDRESS = (PROTOCOL = TCPS)(HOST = rac2-vip)(PORT = 1523))
  )
EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
    )
    (CONNECT_DATA =
      (SID = PLSExtProc)
      (PRESENTATION = RO)
    )
  )
RACDB1 =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.137.151)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = racdb1)
    )
  )
                                                 100% 1297     1.3KB/s   00:00  
--Restart each node remotely
[oracle@rac1 ~]$ srvctl stop instance -d racdb -i racdb2 -o immediate
[oracle@rac1 ~]$ srvctl start instance -d racdb -i racdb2
[oracle@rac2 ~]$ srvctl stop instance -d racdb -i racdb1 -o immediate
[oracle@rac2 ~]$ srvctl start instance -d racdb -i racdb1
--Confirm that the listener configuration on each node is correct
[oracle@rac1 ~]$ lsnrctl status
LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 15:45:52
Copyright (c) 1991, 2010, Oracle.  All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias                     LISTENER_RAC1
Version                   TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date                12-SEP-2012 15:10:12
Uptime                    0 days 0 hr. 35 min. 39 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File         /opt/ora10g/product/database/network/log/listener_rac1.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.153)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.153)(PORT=1523)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.151)(PORT=1521)))
Services Summary...
Service "+ASM" has 1 instance(s).
  Instance "+ASM1", status BLOCKED, has 1 handler(s) for this service...
Service "+ASM_XPT" has 1 instance(s).
  Instance "+ASM1", status BLOCKED, has 1 handler(s) for this service...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "racdb" has 2 instance(s).
  Instance "racdb1", status READY, has 2 handler(s) for this service...
  Instance "racdb2", status READY, has 1 handler(s) for this service...
Service "racdbXDB" has 2 instance(s).
  Instance "racdb1", status READY, has 1 handler(s) for this service...
  Instance "racdb2", status READY, has 1 handler(s) for this service...
Service "racdb_XPT" has 2 instance(s).
  Instance "racdb1", status READY, has 2 handler(s) for this service...
  Instance "racdb2", status READY, has 1 handler(s) for this service...
The command completed successfully
[oracle@rac2 ~]$ lsnrctl status
LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 15:45:35
Copyright (c) 1991, 2010, Oracle.  All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=rac2)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER_RAC2
Version                   TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date                12-SEP-2012 15:11:27
Uptime                    0 days 0 hr. 34 min. 7 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File         /opt/ora10g/product/database/network/log/listener_rac2.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.154)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.154)(PORT=1523)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.152)(PORT=1521)))
Services Summary...
Service "+ASM" has 1 instance(s).
  Instance "+ASM2", status BLOCKED, has 1 handler(s) for this service...
Service "+ASM_XPT" has 1 instance(s).
  Instance "+ASM2", status BLOCKED, has 1 handler(s) for this service...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "racdb" has 2 instance(s).
  Instance "racdb1", status READY, has 1 handler(s) for this service...
  Instance "racdb2", status READY, has 2 handler(s) for this service...
Service "racdbXDB" has 2 instance(s).
  Instance "racdb1", status READY, has 1 handler(s) for this service...
  Instance "racdb2", status READY, has 1 handler(s) for this service...
Service "racdb_XPT" has 2 instance(s).
  Instance "racdb1", status READY, has 1 handler(s) for this service...
  Instance "racdb2", status READY, has 2 handler(s) for this service...
The command completed successfully
--Make the COST configuration take effect
Uncomment the following line in listener.ora on each node:
SECURE_REGISTER_LISTENER_RAC1 = (TCP,TCPS)
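A quick check of which listeners in a listener.ora actually have COST active after this step (commented-out lines do not count). This is an added example, not part of the original post: the function names are hypothetical and the sample file is constructed from the listener.ora shown above.

```bash
#!/usr/bin/env bash
# Added example: report the effective SECURE_REGISTER_<listener> setting
# for every listener defined in a listener.ora read from stdin.

# Constructed sample modelled on the rac1 listener.ora above.
# $1 = "#" leaves the COST line commented out, "" enables it.
sample_listener_ora() {
cat <<EOF
LISTENER_RAC1 =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
     # (ADDRESS = (PROTOCOL = IPC)(KEY = REGISTER))
      (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = rac1-vip)(PORT = 1523)(IP = FIRST))
    )
  )
WALLET_LOCATION =
   (SOURCE =
    (METHOD = FILE)
     (METHOD_DATA =
      (DIRECTORY = /opt/ora10g/product/database/network/admin/cost)
     )
   )
#SECURE_REGISTER_LISTENER_RAC1 = (IPC)
${1-}SECURE_REGISTER_LISTENER_RAC1 = (TCP,TCPS)
SID_LIST_LISTENER_RAC1 =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
    )
  )
EOF
}

# Prints one line per listener:
#   <LISTENER> cost=OFF                      registration is not restricted by COST
#   <LISTENER> cost=<transports> wallet=yes|no
cost_audit() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines never count
    {
      line = $0
      # A top-level parameter starts in column 1: NAME = [value]
      if (line ~ /^[A-Za-z_][A-Za-z0-9_]*[ \t]*=/) {
        name = line; sub(/[ \t]*=.*/, "", name); name = toupper(name)
        sub(/^[^=]*=[ \t]*/, "", line)         # keep only the value part
        if (name ~ /^SECURE_REGISTER_/) {
          gsub(/[() \t]/, "", line)            # "(TCP,TCPS)" -> "TCP,TCPS"
          cost[substr(name, 17)] = toupper(line)
          pending = ""; next
        }
        if (name == "WALLET_LOCATION") wallet = 1
        pending = name
      }
      # The first value token decides whether the parameter defines a listener.
      sub(/^[ \t]+/, "", line)
      if (pending != "" && line != "") {
        if (line ~ /^\((DESCRIPTION|ADDRESS)/) names[++n] = pending
        pending = ""
      }
    }
    END {
      for (i = 1; i <= n; i++) {
        l = names[i]
        if (l in cost) {
          print l " cost=" cost[l] " wallet=" (wallet ? "yes" : "no")
        } else {
          print l " cost=OFF"
        }
      }
    }'
}

# Demo on the constructed sample: before and after uncommenting the line.
sample_listener_ora '#' | cost_audit
sample_listener_ora ''  | cost_audit
# Real use on a node: cost_audit < "$ORACLE_HOME/network/admin/listener.ora"
```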
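--Verify COST
--Reference: Using Class of Secure Transport (COST) to Restrict Instance Registration [ID 1453883.1]
--Verification of the TCP protocol (only the TCP protocol can be used)
--Modify the listener configuration file (allow only the TCP protocol)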
[oracle@rac1 admin]$ pwd
/opt/ora10g/product/database/network/admin
[oracle@rac1 admin]$ cat listener.ora
# listener.ora.rac1 Network Configuration File: /opt/ora10g/product/database/network/admin/listener.ora.rac1
# Generated by Oracle configuration tools.
LISTENER_RAC1 =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
     # (ADDRESS = (PROTOCOL = IPC)(KEY = REGISTER))
      (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = rac1-vip)(PORT = 1523)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.137.151)(PORT = 1521)(IP = FIRST))
    )
  )
#cost add
WALLET_LOCATION =
   (SOURCE =
    (METHOD = FILE)
     (METHOD_DATA =
      (DIRECTORY = /opt/ora10g/product/database/network/admin/cost)
     )
   )
#SECURE_REGISTER_LISTENER_RAC1 = (IPC)
#SECURE_REGISTER_LISTENER_RAC1 = (TCP,TCPS)
 
SID_LIST_LISTENER_RAC1 =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = /opt/ora10g/product/database)
      (PROGRAM = extproc)
    )
  )
--Restart the listener and check the registered service information
[oracle@rac1 admin]$ lsnrctl reload
LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 23:02:29
Copyright (c) 1991, 2010, Oracle.  All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
The command completed successfully
[oracle@rac1 admin]$ lsnrctl status
LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 23:02:36
Copyright (c) 1991, 2010, Oracle.  All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias                     LISTENER_RAC1
Version                   TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date                12-SEP-2012 22:45:47
Uptime                    0 days 0 hr. 16 min. 49 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File         /opt/ora10g/product/database/network/log/listener_rac1.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.153)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.153)(PORT=1523)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.151)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully
--Register the services manually and check the listener registration information
[oracle@rac1 admin]$ sqlplus /nolog
SQL*Plus: Release 10.2.0.5.0 - Production on Wed Sep 12 23:02:59 2012
Copyright (c) 1982, 2010, Oracle.  All Rights Reserved.
SQL> conn /as sysdba
Connected.
SQL> alter system register;
System altered.
SQL> !
[oracle@rac1 admin]$ lsnrctl status
LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 23:03:15
Copyright (c) 1991, 2010, Oracle.  All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias                     LISTENER_RAC1
Version                   TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date                12-SEP-2012 22:45:47
Uptime                    0 days 0 hr. 17 min. 28 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File         /opt/ora10g/product/database/network/log/listener_rac1.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.153)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.153)(PORT=1523)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.151)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully
--Observe the listener log during verification (no error or registration-refused messages)
[oracle@rac1 admin]$ tail -20 /opt/ora10g/product/database/network/log/listener_rac1.log
TNS-01194: The listener command did not arrive in a secure transport
12-SEP-2012 23:02:22 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
System parameter file is /opt/ora10g/product/database/network/admin/listener.ora
Log messages written to /opt/ora10g/product/database/network/log/listener_rac1.log
Trace information written to /opt/ora10g/product/database/network/trace/listener_rac1.trc
Trace level is currently 0
12-SEP-2012 23:02:29 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=rac1)(USER=oracle))(COMMAND=reload)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870592)) * reload * 0
12-SEP-2012 23:02:36 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=rac1)(USER=oracle))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870592)) * status * 0
12-SEP-2012 23:03:03 * (CONNECT_DATA=(SERVICE_NAME=racdb1)(CID=(PROGRAM=oracle)(HOST=rac2)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.152)(PORT=25687)) * establish * racdb1 * 12514
TNS-12514: TNS:listener does not currently know of service requested in connect descriptor
12-SEP-2012 23:03:09 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
12-SEP-2012 23:03:09 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
12-SEP-2012 23:03:15 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=rac1)(USER=oracle))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870592)) * status * 0
12-SEP-2012 23:03:20 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
12-SEP-2012 23:03:22 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
--Note: instance registration failed; the listener log shows TNS-01194: The listener command did not arrive in a secure transport
--Verified
--Restore TCP verification
--Modify the listener configuration file
[oracle@rac1 admin]$ pwd
/opt/ora10g/product/database/network/admin
[oracle@rac1 admin]$ cat listener.ora
# listener.ora.rac1 Network Configuration File: /opt/ora10g/product/database/network/admin/listener.ora.rac1
# Generated by Oracle configuration tools.
LISTENER_RAC1 =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
     # (ADDRESS = (PROTOCOL = IPC)(KEY = REGISTER))
      (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = rac1-vip)(PORT = 1523)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.137.151)(PORT = 1521)(IP = FIRST))
    )
  )
#cost add
WALLET_LOCATION =
   (SOURCE =
    (METHOD = FILE)
     (METHOD_DATA =
      (DIRECTORY = /opt/ora10g/product/database/network/admin/cost)
     )
   )
#SECURE_REGISTER_LISTENER_RAC1 = (IPC)
SECURE_REGISTER_LISTENER_RAC1 = (TCP,TCPS)
 
SID_LIST_LISTENER_RAC1 =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = /opt/ora10g/product/database)
      (PROGRAM = extproc)
    )
  )
--Restart the listener and check the service registration information
[oracle@rac1 admin]$ lsnrctl reload
LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 23:06:44
Copyright (c) 1991, 2010, Oracle.  All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
The command completed successfully
[oracle@rac1 admin]$ lsnrctl status
LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 23:06:48
Copyright (c) 1991, 2010, Oracle.  All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias                     LISTENER_RAC1
Version                   TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date                12-SEP-2012 22:45:47
Uptime                    0 days 0 hr. 21 min. 1 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File         /opt/ora10g/product/database/network/log/listener_rac1.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.153)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.153)(PORT=1523)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.151)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully
--Register the services manually and check the listener registration information
[oracle@rac1 admin]$ sqlplus /nolog
SQL*Plus: Release 10.2.0.5.0 - Production on Wed Sep 12 23:07:09 2012
Copyright (c) 1982, 2010, Oracle.  All Rights Reserved.
SQL> conn /as sysdba
Connected.
SQL> alter system register;
System altered.
SQL> !
[oracle@rac1 admin]$ lsnrctl status
LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 23:07:25
Copyright (c) 1991, 2010, Oracle.  All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias                     LISTENER_RAC1
Version                   TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date                12-SEP-2012 22:45:47
Uptime                    0 days 0 hr. 21 min. 38 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File         /opt/ora10g/product/database/network/log/listener_rac1.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.153)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.153)(PORT=1523)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.151)(PORT=1521)))
Services Summary...
Service "+ASM" has 1 instance(s).
  Instance "+ASM1", status BLOCKED, has 1 handler(s) for this service...
Service "+ASM_XPT" has 1 instance(s).
  Instance "+ASM1", status BLOCKED, has 1 handler(s) for this service...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "racdb" has 2 instance(s).
  Instance "racdb1", status READY, has 2 handler(s) for this service...
  Instance "racdb2", status READY, has 1 handler(s) for this service...
Service "racdbXDB" has 2 instance(s).
  Instance "racdb1", status READY, has 1 handler(s) for this service...
  Instance "racdb2", status READY, has 1 handler(s) for this service...
Service "racdb_XPT" has 2 instance(s).
  Instance "racdb1", status READY, has 2 handler(s) for this service...
  Instance "racdb2", status READY, has 1 handler(s) for this service...
The command completed successfully
--Check the listener log
[oracle@rac1 admin]$ tail -20 /opt/ora10g/product/database/network/log/listener_rac1.log
12-SEP-2012 23:06:20 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
12-SEP-2012 23:06:23 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
System parameter file is /opt/ora10g/product/database/network/admin/listener.ora
Log messages written to /opt/ora10g/product/database/network/log/listener_rac1.log
Trace information written to /opt/ora10g/product/database/network/trace/listener_rac1.trc
Trace level is currently 0
12-SEP-2012 23:06:44 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=rac1)(USER=oracle))(COMMAND=reload)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870592)) * reload * 0
12-SEP-2012 23:06:48 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=rac1)(USER=oracle))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870592)) * status * 0
12-SEP-2012 23:07:10 * service_register * racdb1 * 0
12-SEP-2012 23:07:10 * service_update * racdb1 * 0
12-SEP-2012 23:07:10 * service_register * racdb1 * 0
12-SEP-2012 23:07:20 * service_update * racdb1 * 0
12-SEP-2012 23:07:20 * service_update * racdb1 * 0
12-SEP-2012 23:07:20 * service_register * +ASM1 * 0
12-SEP-2012 23:07:23 * service_register * racdb2 * 0
12-SEP-2012 23:07:25 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=rac1)(USER=oracle))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870592)) * status * 0
12-SEP-2012 23:08:04 * (CONNECT_DATA=(SERVICE_NAME=racdb1)(CID=(PROGRAM=oracle)(HOST=rac2)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.152)(PORT=25710)) * establish * racdb1 * 12514
TNS-12514: TNS:listener does not currently know of service requested in connect descriptor
--Note: the listener is back to normal.
--Verified
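The two log excerpts above can be told apart mechanically: refused registrations appear as service_register_NSGR with code 1194, accepted ones as service_register with code 0. The following added example (not part of the original post; function names are hypothetical, sample lines are constructed from the excerpts above) summarises a listener log and reports whether the most recent registration attempt was refused or accepted.

```bash
#!/usr/bin/env bash
# Added example: summarise COST-related registration events in a listener log.

# Constructed sample modelled on the listener_rac1.log excerpts above.
sample_listener_log() {
cat <<'EOF'
12-SEP-2012 23:03:09 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
12-SEP-2012 23:03:20 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
12-SEP-2012 23:06:44 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=rac1)(USER=oracle))(COMMAND=reload)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870592)) * reload * 0
12-SEP-2012 23:07:10 * service_register * racdb1 * 0
12-SEP-2012 23:07:10 * service_update * racdb1 * 0
12-SEP-2012 23:07:20 * service_register * +ASM1 * 0
12-SEP-2012 23:07:23 * service_register * racdb2 * 0
EOF
}

# Reads a listener log on stdin and prints one summary line:
#   rejected=<n> accepted=<n> instances=<list|-> last=<REJECTED|ACCEPTED>@<timestamp>
# "last" is NONE when the log holds no registration event at all.
cost_registration_summary() {
  awk -F' [*] ' '
    { sub(/[ \t\r]+$/, "") }                   # tolerate trailing blanks / CR
    # Refused by COST: event name starts with service_register, code 1194
    # (logged on this page as service_register_NSGR).
    $2 ~ /^service_register/ && $NF == "1194" {
      rejected++; last = "REJECTED@" $1; next
    }
    # Accepted: "<timestamp> * service_register * <instance> * 0"
    $2 == "service_register" && NF == 4 && $4 == "0" {
      accepted++; last = "ACCEPTED@" $1
      if (!($3 in seen)) {
        seen[$3] = 1
        list = list (list == "" ? "" : ",") $3
      }
    }
    END {
      printf "rejected=%d accepted=%d instances=%s last=%s\n",
             rejected, accepted,
             (list == "" ? "-" : list), (last == "" ? "NONE" : last)
    }'
}

# Demo on the constructed sample.
sample_listener_log | cost_registration_summary
# Real use on rac1, with the log path shown by lsnrctl status above:
#   cost_registration_summary < /opt/ora10g/product/database/network/log/listener_rac1.log
```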

From "ITPUB Blog", link: http://blog.itpub.net/26143577/viewspace-743297/. If you reprint this article, please cite the source; otherwise legal liability will be pursued.
