安装配置验证COST(orapki)

最新推荐文章于 2023-03-21 00:17:59 发布
最新推荐文章于 2023-03-21 00:17:59 发布
阅读量278 收藏
点赞数
文章标签: 网络 数据库 操作系统
/*配置COST*/
应电信某业务分公司要求,安装cost。此在测试环境进行cost的配置、验证。
--参照文档
--Using Class of Secure Transport (COST) to Restrict Instance Registration in Oracle RAC [ID 1340831.1]  
[oracle@rac1 ~]$ crs_stat -t
Name           Type           Target    State     Host       
------------------------------------------------------------
ora....SM1.asm application    ONLINE    ONLINE    rac1       
ora....C1.lsnr application    ONLINE    ONLINE    rac1       
ora.rac1.gsd   application    ONLINE    ONLINE    rac1       
ora.rac1.ons   application    ONLINE    ONLINE    rac1       
ora.rac1.vip   application    ONLINE    ONLINE    rac1       
ora....SM2.asm application    ONLINE    ONLINE    rac2       
ora....C2.lsnr application    ONLINE    ONLINE    rac2       
ora.rac2.gsd   application    ONLINE    ONLINE    rac2       
ora.rac2.ons   application    ONLINE    ONLINE    rac2       
ora.rac2.vip   application    ONLINE    ONLINE    rac2       
ora.racdb.db   application    ONLINE    ONLINE    rac2       
ora....b1.inst application    ONLINE    ONLINE    rac1       
ora....b2.inst application    ONLINE    ONLINE    rac2 
--创建cost存放目录(所有节点)
[oracle@rac1 ~]$ mkdir /opt/ora10g/product/database/network/admin/cost
--创建密钥(所有节点)
[oracle@rac1 ~]$ orapki wallet create -wallet /opt/ora10g/product/database/network/admin/cost
Enter password:         
  
Enter password again:         
  
[oracle@rac1 ~]$ orapki wallet add -wallet /opt/ora10g/product/database/network/admin/cost -self_signed -dn "cn=secure_register" -keysize 1024 -validity 3650
Enter wallet password: 
[oracle@rac1 ~]$ orapki wallet display -wallet /opt/ora10g/product/database/network/admin/cost
Enter wallet password:         
  
Requested Certificates:
User Certificates:
Subject:        CN=secure_register
Trusted Certificates:
Subject:        CN=GTE CyberTrust Root,O=GTE Corporation,C=US
Subject:        U=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        U=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        U=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        U=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US
Subject:        CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US
Subject:        CN=secure_register
Subject:        CN=Entrust.net Secure Server Certification Authority,OU=(c) 2000 Entrust.net Limited,OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.),O=Entrust.net
Subject:        CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
Subject:        CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS incorp. by ref. (limits liab.),O=Entrust.net,C=US

[oracle@rac2 ~]$ mkdir /opt/ora10g/product/database/network/admin/cost
[oracle@rac1 cost]$ scp /opt/ora10g/product/database/network/admin/cost/*.* rac2:/opt/ora10g/product/database/network/admin/cost/
ewallet.p12                                                   100%   10KB   9.8KB/s   00:00
--各自节点分别创建密钥
[oracle@rac1 ~]$ orapki wallet create -wallet /opt/ora10g/product/database/network/admin/cost -auto_login
Enter wallet password:        
[oracle@rac2 ~]$ orapki wallet create -wallet /opt/ora10g/product/database/network/admin/cost -auto_login
Enter wallet password:    
--修改监听配置(所有节点)
[oracle@rac1 admin]$ pwd
/opt/ora10g/product/database/network/admin
[oracle@rac1 admin]$ cat listener.ora
# listener.ora.rac1 Network Configuration File: /opt/ora10g/product/database/network/admin/listener.ora.rac1
# Generated by Oracle configuration tools.
LISTENER_RAC1 =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
     # (ADDRESS = (PROTOCOL = IPC)(KEY = REGISTER))
      (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = rac1-vip)(PORT = 1523)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.137.151)(PORT = 1521)(IP = FIRST))
    )
  )
#cost add
WALLET_LOCATION =
   (SOURCE =
    (METHOD = FILE)
     (METHOD_DATA =
      (DIRECTORY = /opt/ora10g/product/database/network/admin/cost)
     )
   )
#SECURE_REGISTER_LISTENER_RAC1 = (IPC)
#SECURE_REGISTER_LISTENER_RAC1 = (TCP,TCPS)
 
SID_LIST_LISTENER_RAC1 =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = /opt/ora10g/product/database)
      (PROGRAM = extproc)
    )
  )

[oracle@rac2 admin]$ cat listener.ora
# listener.ora.rac2 Network Configuration File: /opt/ora10g/product/database/network/admin/listener.ora.rac2
# Generated by Oracle configuration tools.
LISTENER_RAC2 =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = rac2-vip)(PORT = 1523)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.137.152)(PORT = 1521)(IP = FIRST))
    )
  )
#cost add
WALLET_LOCATION =
   (SOURCE =
    (METHOD = FILE)
     (METHOD_DATA =
      (DIRECTORY = /opt/ora10g/product/database/network/admin/cost)
     )
   )
#SECURE_REGISTER_LISTENER_RAC2 = (TCP,TCPS)
SID_LIST_LISTENER_RAC2 =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = /opt/ora10g/product/database)
      (PROGRAM = extproc)
    )
  )
#LISTENER =
#  (DESCRIPTION_LIST =
#    (DESCRIPTION =
#      (ADDRESS = (PROTOCOL = TCP)(HOST = rac2)(PORT = 1521))
#    )
#  )
--重启各自节点监听 
[oracle@rac1 ~]$ srvctl stop listener -n rac1
[oracle@rac1 ~]$ srvctl start listener -n rac1
[oracle@rac1 ~]$ lsnrctl status
LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 15:10:18
Copyright (c) 1991, 2010, Oracle.  All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias                     LISTENER_RAC1
Version                   TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date                12-SEP-2012 15:10:12
Uptime                    0 days 0 hr. 0 min. 6 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File         /opt/ora10g/product/database/network/log/listener_rac1.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.153)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.153)(PORT=1523)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.151)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully
[oracle@rac2 ~]$ srvctl stop listener -n rac2
[oracle@rac2 ~]$ srvctl start listener -n rac2
[oracle@rac2 ~]$ lsnrctl status
LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 15:11:33
Copyright (c) 1991, 2010, Oracle.  All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=rac2)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER_RAC2
Version                   TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date                12-SEP-2012 15:11:27
Uptime                    0 days 0 hr. 0 min. 5 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File         /opt/ora10g/product/database/network/log/listener_rac2.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.154)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.154)(PORT=1523)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.152)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully
--所有节点配置sqlnet.ora
[oracle@rac1 admin]$ pwd
/opt/ora10g/product/database/network/admin
[oracle@rac1 admin]$ cat sqlnet.ora
WALLET_LOCATION =
   (SOURCE =
    (METHOD = FILE)
     (METHOD_DATA =
      (DIRECTORY = /opt/ora10g/product/database/network/admin/cost)
     )
   )
 
[oracle@rac1 admin]$ scp sqlnet.ora rac2:/opt/ora10g/product/database/network/admin/
sqlnet.ora                                                    100%  151     0.2KB/s   00:00
--查看remote_listener配置
[oracle@rac1 ~]$ sqlplus /nolog
SQL*Plus: Release 10.2.0.5.0 - Production on Wed Sep 12 15:19:38 2012
Copyright (c) 1982, 2010, Oracle.  All Rights Reserved.
SQL> conn /as sysdba
Connected.
SQL> show parameter remote_listener
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
remote_listener                      string      LISTENERS_RACDB
--修改所有节点tnsnames.ora
[oracle@rac1 admin]$ pwd
/opt/ora10g/product/database/network/admin
[oracle@rac1 admin]$ cat tnsnames.ora
# tnsnames.ora Network Configuration File: /opt/ora10g/product/database/network/admin/tnsnames.ora
# Generated by Oracle configuration tools.
RACDB1 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = racdb)
      (INSTANCE_NAME = racdb1)
    )
  )
RACDB =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521))
    (LOAD_BALANCE = yes)
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = racdb)
    )
  )
LISTENERS_RACDB =
  (ADDRESS_LIST =
   # (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521))
   # (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCPS)(HOST = rac1-vip)(PORT = 1523))
    (ADDRESS = (PROTOCOL = TCPS)(HOST = rac2-vip)(PORT = 1523))
  )
EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
    )
    (CONNECT_DATA =
      (SID = PLSExtProc)
      (PRESENTATION = RO)
    )
  )
RACDB2 =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.137.152)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = racdb2)
    )
  )

[oracle@rac2 admin]$ pwd
/opt/ora10g/product/database/network/admin
[oracle@rac2 admin]$ cat tnsnames.ora
# tnsnames.ora Network Configuration File: /opt/ora10g/product/database/network/admin/tnsnames.ora
# Generated by Oracle configuration tools.
RACDB2 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = racdb)
      (INSTANCE_NAME = racdb2)
    )
  )
RACDB =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521))
    (LOAD_BALANCE = yes)
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = racdb)
    )
  )
LISTENERS_RACDB =
  (ADDRESS_LIST =
   # (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521))
   # (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCPS)(HOST = rac1-vip)(PORT = 1523))
    (ADDRESS = (PROTOCOL = TCPS)(HOST = rac2-vip)(PORT = 1523))
  )
EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
    )
    (CONNECT_DATA =
      (SID = PLSExtProc)
      (PRESENTATION = RO)
    )
  )
RACDB1 =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.137.151)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = racdb1)
    )
  )
                                                 100% 1297     1.3KB/s   00:00  
--远程重启各个节点
[oracle@rac1 ~]$ srvctl stop instance -d racdb -i racdb2 -o immediate
[oracle@rac1 ~]$ srvctl start instance -d racdb -i racdb2
[oracle@rac2 ~]$ srvctl stop instance -d racdb -i racdb1 -o immediate
[oracle@rac2 ~]$ srvctl start instance -d racdb -i racdb1
--确认各个节点监听配置是否正确
[oracle@rac1 ~]$ lsnrctl status
LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 15:45:52
Copyright (c) 1991, 2010, Oracle.  All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias                     LISTENER_RAC1
Version                   TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date                12-SEP-2012 15:10:12
Uptime                    0 days 0 hr. 35 min. 39 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File         /opt/ora10g/product/database/network/log/listener_rac1.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.153)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.153)(PORT=1523)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.151)(PORT=1521)))
Services Summary...
Service "+ASM" has 1 instance(s).
  Instance "+ASM1", status BLOCKED, has 1 handler(s) for this service...
Service "+ASM_XPT" has 1 instance(s).
  Instance "+ASM1", status BLOCKED, has 1 handler(s) for this service...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "racdb" has 2 instance(s).
  Instance "racdb1", status READY, has 2 handler(s) for this service...
  Instance "racdb2", status READY, has 1 handler(s) for this service...
Service "racdbXDB" has 2 instance(s).
  Instance "racdb1", status READY, has 1 handler(s) for this service...
  Instance "racdb2", status READY, has 1 handler(s) for this service...
Service "racdb_XPT" has 2 instance(s).
  Instance "racdb1", status READY, has 2 handler(s) for this service...
  Instance "racdb2", status READY, has 1 handler(s) for this service...
The command completed successfully
[oracle@rac2 ~]$ lsnrctl status
LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 15:45:35
Copyright (c) 1991, 2010, Oracle.  All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=rac2)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER_RAC2
Version                   TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date                12-SEP-2012 15:11:27
Uptime                    0 days 0 hr. 34 min. 7 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File         /opt/ora10g/product/database/network/log/listener_rac2.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.154)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.154)(PORT=1523)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.152)(PORT=1521)))
Services Summary...
Service "+ASM" has 1 instance(s).
  Instance "+ASM2", status BLOCKED, has 1 handler(s) for this service...
Service "+ASM_XPT" has 1 instance(s).
  Instance "+ASM2", status BLOCKED, has 1 handler(s) for this service...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "racdb" has 2 instance(s).
  Instance "racdb1", status READY, has 1 handler(s) for this service...
  Instance "racdb2", status READY, has 2 handler(s) for this service...
Service "racdbXDB" has 2 instance(s).
  Instance "racdb1", status READY, has 1 handler(s) for this service...
  Instance "racdb2", status READY, has 1 handler(s) for this service...
Service "racdb_XPT" has 2 instance(s).
  Instance "racdb1", status READY, has 1 handler(s) for this service...
  Instance "racdb2", status READY, has 2 handler(s) for this service...
The command completed successfully
--使cost配置生效
取消各个节点listener.ora中的注释行
SECURE_REGISTER_LISTENER_RAC1 = (TCP,TCPS)
--验证cost
--参考Using Class of Secure Transport (COST) to Restrict Instance Registration [ID 1453883.1]
--对于TCP协议的验证(只能走TCP协议)
--修改监听配置文件(只允许TCP协议)
[oracle@rac1 admin]$ pwd
/opt/ora10g/product/database/network/admin
[oracle@rac1 admin]$ cat listener.ora
# listener.ora.rac1 Network Configuration File: /opt/ora10g/product/database/network/admin/listener.ora.rac1
# Generated by Oracle configuration tools.
LISTENER_RAC1 =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
     # (ADDRESS = (PROTOCOL = IPC)(KEY = REGISTER))
      (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = rac1-vip)(PORT = 1523)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.137.151)(PORT = 1521)(IP = FIRST))
    )
  )
#cost add
WALLET_LOCATION =
   (SOURCE =
    (METHOD = FILE)
     (METHOD_DATA =
      (DIRECTORY = /opt/ora10g/product/database/network/admin/cost)
     )
   )
#SECURE_REGISTER_LISTENER_RAC1 = (IPC)
#SECURE_REGISTER_LISTENER_RAC1 = (TCP,TCPS)
 
SID_LIST_LISTENER_RAC1 =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = /opt/ora10g/product/database)
      (PROGRAM = extproc)
    )
  )
--重启监听,并查看注册的服务信息
[oracle@rac1 admin]$ lsnrctl reload
LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 23:02:29
Copyright (c) 1991, 2010, Oracle.  All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
The command completed successfully
[oracle@rac1 admin]$ lsnrctl status
LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 23:02:36
Copyright (c) 1991, 2010, Oracle.  All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias                     LISTENER_RAC1
Version                   TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date                12-SEP-2012 22:45:47
Uptime                    0 days 0 hr. 16 min. 49 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File         /opt/ora10g/product/database/network/log/listener_rac1.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.153)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.153)(PORT=1523)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.151)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully
--手动注册服务,并查看监听注册信息
[oracle@rac1 admin]$ sqlplus /nolog
SQL*Plus: Release 10.2.0.5.0 - Production on Wed Sep 12 23:02:59 2012
Copyright (c) 1982, 2010, Oracle.  All Rights Reserved.
SQL> conn /as sysdba
Connected.
SQL> alter system register;
System altered.
SQL> !
[oracle@rac1 admin]$ lsnrctl status
LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 23:03:15
Copyright (c) 1991, 2010, Oracle.  All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias                     LISTENER_RAC1
Version                   TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date                12-SEP-2012 22:45:47
Uptime                    0 days 0 hr. 17 min. 28 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File         /opt/ora10g/product/database/network/log/listener_rac1.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.153)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.153)(PORT=1523)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.151)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully
--验证期间观察监听日志(无报错及拒绝注册的信息)
[oracle@rac1 admin]$ tail -20 /opt/ora10g/product/database/network/log/listener_rac1.log
TNS-01194: The listener command did not arrive in a secure transport
12-SEP-2012 23:02:22 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
System parameter file is /opt/ora10g/product/database/network/admin/listener.ora
Log messages written to /opt/ora10g/product/database/network/log/listener_rac1.log
Trace information written to /opt/ora10g/product/database/network/trace/listener_rac1.trc
Trace level is currently 0
12-SEP-2012 23:02:29 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=rac1)(USER=oracle))(COMMAND=reload)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870592)) * reload * 0
12-SEP-2012 23:02:36 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=rac1)(USER=oracle))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870592)) * status * 0
12-SEP-2012 23:03:03 * (CONNECT_DATA=(SERVICE_NAME=racdb1)(CID=(PROGRAM=oracle)(HOST=rac2)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.152)(PORT=25687)) * establish * racdb1 * 12514
TNS-12514: TNS:listener does not currently know of service requested in connect descriptor
12-SEP-2012 23:03:09 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
12-SEP-2012 23:03:09 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
12-SEP-2012 23:03:15 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=rac1)(USER=oracle))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870592)) * status * 0
12-SEP-2012 23:03:20 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
12-SEP-2012 23:03:22 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
--注:实例注册失败,监听日志出现TNS-01194: The listener command did not arrive in a secure transport
--得证
--恢复TCP验证
--修改监听配置文件
[oracle@rac1 admin]$ pwd
/opt/ora10g/product/database/network/admin
[oracle@rac1 admin]$ cat listener.ora
# listener.ora.rac1 Network Configuration File: /opt/ora10g/product/database/network/admin/listener.ora.rac1
# Generated by Oracle configuration tools.
LISTENER_RAC1 =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
     # (ADDRESS = (PROTOCOL = IPC)(KEY = REGISTER))
      (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = rac1-vip)(PORT = 1523)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.137.151)(PORT = 1521)(IP = FIRST))
    )
  )
#cost add
WALLET_LOCATION =
   (SOURCE =
    (METHOD = FILE)
     (METHOD_DATA =
      (DIRECTORY = /opt/ora10g/product/database/network/admin/cost)
     )
   )
#SECURE_REGISTER_LISTENER_RAC1 = (IPC)
SECURE_REGISTER_LISTENER_RAC1 = (TCP,TCPS)
 
SID_LIST_LISTENER_RAC1 =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = /opt/ora10g/product/database)
      (PROGRAM = extproc)
    )
  )
--重启监听,并查看服务注册信息
[oracle@rac1 admin]$ lsnrctl reload
LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 23:06:44
Copyright (c) 1991, 2010, Oracle.  All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
The command completed successfully
[oracle@rac1 admin]$ lsnrctl status
LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 23:06:48
Copyright (c) 1991, 2010, Oracle.  All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias                     LISTENER_RAC1
Version                   TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date                12-SEP-2012 22:45:47
Uptime                    0 days 0 hr. 21 min. 1 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File         /opt/ora10g/product/database/network/log/listener_rac1.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.153)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.153)(PORT=1523)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.151)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully
--手动注册服务,并查看监听注册信息
[oracle@rac1 admin]$ sqlplus /nolog
SQL*Plus: Release 10.2.0.5.0 - Production on Wed Sep 12 23:07:09 2012
Copyright (c) 1982, 2010, Oracle.  All Rights Reserved.
SQL> conn /as sysdba
Connected.
SQL> alter system register;
System altered.
SQL> !
[oracle@rac1 admin]$ lsnrctl status
LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 23:07:25
Copyright (c) 1991, 2010, Oracle.  All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias                     LISTENER_RAC1
Version                   TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date                12-SEP-2012 22:45:47
Uptime                    0 days 0 hr. 21 min. 38 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File         /opt/ora10g/product/database/network/log/listener_rac1.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.153)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.153)(PORT=1523)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.151)(PORT=1521)))
Services Summary...
Service "+ASM" has 1 instance(s).
  Instance "+ASM1", status BLOCKED, has 1 handler(s) for this service...
Service "+ASM_XPT" has 1 instance(s).
  Instance "+ASM1", status BLOCKED, has 1 handler(s) for this service...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "racdb" has 2 instance(s).
  Instance "racdb1", status READY, has 2 handler(s) for this service...
  Instance "racdb2", status READY, has 1 handler(s) for this service...
Service "racdbXDB" has 2 instance(s).
  Instance "racdb1", status READY, has 1 handler(s) for this service...
  Instance "racdb2", status READY, has 1 handler(s) for this service...
Service "racdb_XPT" has 2 instance(s).
  Instance "racdb1", status READY, has 2 handler(s) for this service...
  Instance "racdb2", status READY, has 1 handler(s) for this service...
The command completed successfully
--查看监听日志
[oracle@rac1 admin]$ tail -20 /opt/ora10g/product/database/network/log/listener_rac1.log
12-SEP-2012 23:06:20 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
12-SEP-2012 23:06:23 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
System parameter file is /opt/ora10g/product/database/network/admin/listener.ora
Log messages written to /opt/ora10g/product/database/network/log/listener_rac1.log
Trace information written to /opt/ora10g/product/database/network/trace/listener_rac1.trc
Trace level is currently 0
12-SEP-2012 23:06:44 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=rac1)(USER=oracle))(COMMAND=reload)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870592)) * reload * 0
12-SEP-2012 23:06:48 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=rac1)(USER=oracle))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870592)) * status * 0
12-SEP-2012 23:07:10 * service_register * racdb1 * 0
12-SEP-2012 23:07:10 * service_update * racdb1 * 0
12-SEP-2012 23:07:10 * service_register * racdb1 * 0
12-SEP-2012 23:07:20 * service_update * racdb1 * 0
12-SEP-2012 23:07:20 * service_update * racdb1 * 0
12-SEP-2012 23:07:20 * service_register * +ASM1 * 0
12-SEP-2012 23:07:23 * service_register * racdb2 * 0
12-SEP-2012 23:07:25 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=rac1)(USER=oracle))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870592)) * status * 0
12-SEP-2012 23:08:04 * (CONNECT_DATA=(SERVICE_NAME=racdb1)(CID=(PROGRAM=oracle)(HOST=rac2)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.152)(PORT=25710)) * establish * racdb1 * 12514
TNS-12514: TNS:listener does not currently know of service requested in connect descriptor
--注:监听恢复正常。
--得证

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/26143577/viewspace-743297/,如需转载,请注明出处,否则将追究法律责任。

转载于:http://blog.itpub.net/26143577/viewspace-743297/

cuiqu7295
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
orapki 1
weixin_39568073的博客
03-29 676
数据库中生成位置 创建生成钱包位置 orapki wallet create -wallet D:\app\Administrator\wallet -pwd AAbb1234 -auto_login 融合中间件中生成 set JAVA_HOME=C:\Java\jdk1.8.0_201 创建Oracle Wallet orapki wallet create -wallet D:\wallet 创建启用了自动登录的Oracle Wallet orapki wallet create
使用orapki生成证书,配置Oracle数据使用SSL和TLS进行数据库连接的TCP/IP配置==TCPS...
weixin_30613343的博客
01-25 1333
内容参考Oracle官方文档:   https://oracle-base.com/articles/misc/configure-tcpip-with-ssl-and-tls-for-database-connections   https://docs.oracle.com/cd/E11882_01/network.112/e40393/asoappf.htm#ASOAG9835   o...
orapki utility
我的博客
02-22 1273
The orapki utility is provided to manage public key infrastructure (PKI) elements, such as wallets and certificate revocation lists, from the command line. This enables you to automate these tasks u
oracle ssl jdbc 架构,使用orapki生成证书,配置Oracle数据使用SSL和TLS进行数据库连接的TCP/IP配置==TCPS...
weixin_39865952的博客
04-02 551
内容参考Oracle官方文档:https://oracle-base.com/articles/misc/configure-tcpip-with-ssl-and-tls-for-database-connectionshttps://docs.oracle.com/cd/E11882_01/network.112/e40393/asoappf.htm#ASOAG9835orapki实用程序用于从...
PLSQL集成ORACLE客户端精简版
05-15
不需要安装oracle客户端, NETWORK\ADMIN下tnsnames.ora 配置oracle_home 就ok了
课程设计 hadoop集群的安装配置
07-01
并行程序设计,Hadoop集群的安装配置。 Hadoop一个分布式系统基础架构,由Apache基金会开发。用户可以在不了解分布式底层细节的情况下,开发分布式程序。充分利用集群的威力高速运算和存储。Hadoop实现了一个...
import-cost webstorm 插件
06-11
import cost 的webstorm 插件 , 用于查看 引用的包的大小
jb.rar_cost calculation
09-19
Lowest cost calculation
华为5700交换机OSPF配置.docx
08-11
7. **验证配置**: - 可以通过`display ospf peer`命令检查邻居状态,确保OSPF邻居关系建立成功。 - 使用`display ip routing-table`查看路由表,确认OSPF路由信息正确传播。 8. **实验拓扑**: - 三台华为5700...
cost733 assessment in Norway.pdf
08-18
客观天气分型,采用欧盟cost733模式,利用T模态倾斜旋转主分量等方法对天气形势进行客观分型。
oraclegit:Oracle和Github的集成
05-08
#Project oraclegit自述文件 一个启用了github的数据库。 ##描述: 这个plsql库使您可以将github用作oracle代码的源代码控制,并使用它来跟踪代码遇到的任何错误。 ##安装 要使用此软件包,您需要将GitHub ssl证书安装到oracle钱包中。 使用浏览器下载证书,并创建一个钱包并导入证书(有关如何执行此操作的更多详细信息,请点击此处,): ###创建钱包 orapki wallet create -wallet /home/oracle/wallet -pwd WalletPasswd123 orapki wallet add -wallet /home/oracle/wallet -trusted_cert -cert "/home/oracle/cert1.crt" -pwd WalletPasswd123 orapki wallet
Time Cost Class
05-08
This is a class for check time cost for a function, the accuracy is 1ms.
Oracle Database Server 'TNS Listener'远程数据投毒漏洞(CVE-2012-1675)的解决文档
05-25
安全厂家给出的解决办法: 链接:http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html 根据此链接得到解决方法: ? 1234 SolutionRecommendations for protecting against this vulnerability can be found at:My Oracle Support Note 1340831.1 for Oracle Database deployments that use Oracle Real Application Clusters (RAC).My Oracle Support Note 1453883.1 for Oracle Database deployments that do not use RAC. 目前这里环境不是RAC,参考文档1453883.1: Using Class of Secure Transport (COST) to Restrict Instance Registration (
论文研究 - 时代中期数据库Cost733对墨西哥的流通类型分类
05-28
本文采用聚类k均值(CKM)和欧洲Großwettertypes(GWT)进行天气分类的方法,并在COST733程序包中执行。 该方法使用的CKM包含9个群集,GWT包含16个群集。COST733评估了自1986年至2015年的30年数据集。所选择的变量是平均海平面压力(mslp),地势高度(z500和z850),风速和方向(u10,v10和u,v在850 hPa处)和相对涡度(vo),在00:00、06:00、12:00和18:00 UTC和0时数据网格的分辨率为0.75°×0.75°脚步。 使用COST733对这些结果进行评估,以通过解释的方差(EV)或误差减少率和伪F值(PF)来确定测量的质量,从而确定结果的确定性。 在评估中,GWT-16的年度值更高,分别为32.7(EV)和354.3(PF),而CKM-9为54.2(EV)和1621.8(PF)。 最后,得出的结论是,GWT-16可以用于对墨西哥上空的天气系统进行分类,而气象现象的分析则触发了墨西哥上空地区大气污染的增加或减少。
使用cost733分型软件进行SOM分型及CDO简单操作
weixin_62573024的博客
03-21 1647
安装cost733后,开始使用cost733软件,利用SOM法进行天气分型,发现在使用资料的时候需要对数据进行预处理,过程对于初学者来说还是略有麻烦,踩了坑以后总结了一套可以操作的流程,在此分享希望帮助到大家
CentOS7 安装天气分型软件cost733过程详解
weixin_62573024的博客
03-05 1822
cost733是一款天气分型软件,其内置的一些算法可以帮助气象工作者进行天气类型划分等(我也是初学者,仅仅知道一些皮毛),但是网上找到的安装办法比较少,并且总会出现一些报错,试了一晚上,终于将安装办法调通了,希望可以帮助到大家
Oracle通过SSL方式连接AD服务器
luzhuhong1的博客
09-19 1004
一】在Oracle服务器上创建Wallet 首先应该在ad服务器上导出一个扩展名为.cer的根证书,这一步骤请联系网管,此处不描述了。 登录Oracle所在服务器 su - oracle mkdir /home/oracle/wallet 正式创建一个wallet对象,访问密码为wallet orapki wallet create -wallet /home/oracle/wallet -pwd...
[Android Studio 权威教程]打包、生成jks密钥、签名Apk、多渠道打包
love_famliy的专栏
10-12 921
生成jks签名文件 选择Build > Generate Signed APK… 选择项目app > Next 选择Create new… 选择签名文件的路径,这些信息和eclipse一样了,填完点击OK 选择Next 我们这里做测试选择qihu360和xiaomi打包release版,最后点击Finish
oracle 11g r2 Rac install
甲骨虫的家
10-25 6721
查看操作系统版本:  [root@rac1 ~]# cat /etc/issue Enterprise Linux Enterprise Linux AS release 4 (October Update 7) Kernel \r on an \m 查看内核版本: [root@rac1 ~]# cat /proc/version Linux version 2.6.9-78.0.
配置静态路由的cost的代码
最新发布
05-17
配置静态路由的 cost 取决于网络拓扑和需要优化的参数(比如链路带宽、延迟等),一般情况下可以通过以下命令来配置: ```cisco ip route <目的网络地址> <目的子网掩码> <下一跳地址> [<出口编号>] [distance ...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值