Configuring Class of Secure Transport (COST)

1. Create the cost directory (all nodes)
[root@jzh1 ~]# mkdir -p /u01/app/11.2.0/grid/network/admin/cost
2. Create the ewallet.p12 wallet
[oracle@jzh1 ~]$ orapki wallet create -wallet /u01/app/11.2.0/grid/network/admin/cost/
Oracle PKI Tool : Version 11.2.0.3.0 - Production
Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
Enter password:            
Enter password again:
[oracle@jzh1 ~]$ orapki wallet add -wallet /u01/app/11.2.0/grid/network/admin/cost -self_signed -dn "cn=secure_register" -keysize 1024 -validity 3650
Oracle PKI Tool : Version 11.2.0.3.0 - Production
Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
[oracle@jzh1 ~]$ orapki wallet display -wallet /u01/app/11.2.0/grid/network/admin/cost -summary
Oracle PKI Tool : Version 11.2.0.3.0 - Production
Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:            
Requested Certificates: 
User Certificates:
Subject:        CN=secure_register
Trusted Certificates: 
Subject:        OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        OU=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US
Subject:        CN=secure_register
Subject:        CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US
Subject:        OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

3. Create the cwallet.sso file (all nodes)
[oracle@jzh1 ~]$ orapki wallet create -wallet /u01/app/11.2.0/grid/network/admin/cost -auto_login
Oracle PKI Tool : Version 11.2.0.3.0 - Production
Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:           

4. Change the permissions on cwallet.sso
[oracle@jzh1 cost]$ chmod 640 cwallet.sso
[oracle@jzh1 cost]$ ll
total 165
-rw-r----- 1 oracle oinstall 5829 Aug 22 06:24 cwallet.sso
-rw------- 1 oracle oinstall 5752 Aug 22 06:17 ewallet.p12

5. Modify the listener configuration (all nodes)
Add the following to listener.ora:
WALLET_LOCATION =
  (SOURCE =
   (METHOD = FILE)
    (METHOD_DATA =
     (DIRECTORY = /u01/app/11.2.0/grid/network/admin/cost)
    )
  )
#SECURE_REGISTER_LISTENER_SCAN1 = (IPC,TCPS)

6. Modify the SCAN listener
[grid@jzh1 admin]$ srvctl config scan_listener
SCAN Listener LISTENER_SCAN1 exists. Port: TCP:1521

[grid@jzh1 admin]$ srvctl modify scan_listener -p TCP:1521/TCPS:1523
[grid@jzh1 admin]$ srvctl stop scan_listener
[grid@jzh1 admin]$ srvctl start scan_listener
[grid@jzh1 admin]$ srvctl config scan_listener
SCAN Listener LISTENER_SCAN1 exists. Port: TCP:1521/TCPS:1523

7. Add the wallet location to sqlnet.ora (all nodes). Note: this is the sqlnet.ora under the database home; if the file does not exist, create it.
Add the following:
WALLET_LOCATION =
  (SOURCE =
   (METHOD = FILE)
    (METHOD_DATA =
     (DIRECTORY = /u01/app/11.2.0/grid/network/admin/cost)
    )
  )

8. Check the remote_listener setting
[oracle@jzh2 admin]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.3.0 Production on Sat Aug 22 06:46:42 2015
Copyright (c) 1982, 2011, Oracle.  All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage Management, OLAP,
Data Mining and Real Application Testing options
SQL> show parameter remote_listener
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
remote_listener                      string      192.168.1.206:1521

[oracle@jzh1 admin]$ srvctl config scan
SCAN name: 192.168.1.206, Network: 1/192.168.1.0/255.255.255.0/eth0
SCAN VIP name: scan1, IP: /192.168.1.206/192.168.1.206

9. Modify remote_listener
SQL> alter system set remote_listener='(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=192.168.1.206)(PORT=1523)))' scope=both sid='*';
System altered.
SQL> show parameter remote_listener
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
remote_listener                      string      (ADDRESS_LIST=(ADDRESS=(PROTOC
                                                 OL=TCPS)(HOST=192.168.1.206)(P
                                                 ORT=1523)))

10. Enable the COST parameter
Remove the leading '#' from #SECURE_REGISTER_LISTENER_SCAN1 = (IPC,TCPS) in listener.ora.

11. Restart the listeners on every node
[grid@jzh1 admin]$ srvctl stop scan_listener
[grid@jzh1 admin]$ srvctl stop listener -n jzh1
[grid@jzh1 admin]$ srvctl start listener -n jzh1

[grid@jzh2 admin]$ srvctl stop listener -n jzh2
[grid@jzh2 admin]$ srvctl start listener -n jzh2
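
Added example (not part of the original post): a shell check to run on each node once the steps above are done. It reads the active WALLET_LOCATION directory from listener.ora or sqlnet.ora, confirms that a cwallet.sso with no permissions for "other" exists there, and reports whether SECURE_REGISTER_<listener> is uncommented. The function names and the temporary sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: post-change checks for COST.

# Print the DIRECTORY of the active (uncommented) WALLET_LOCATION entry.
wallet_dir() {  # $1 = listener.ora or sqlnet.ora
  sed -n 's/^[[:space:]]*(DIRECTORY[[:space:]]*=[[:space:]]*\([^)[:space:]]*\).*/\1/p' "$1" |
    head -n 1
}

# Succeed only if SECURE_REGISTER_<listener> is uncommented and lists TCPS.
cost_enabled() {  # $1 = listener.ora, $2 = listener name
  grep -Eiq "^[[:space:]]*SECURE_REGISTER_$2[[:space:]]*=.*TCPS" "$1"
}

# The configured directory must exist and hold a cwallet.sso that grants
# nothing to "other" (step 4 sets mode 640).
check_wallet() {  # $1 = listener.ora or sqlnet.ora
  dir=$(wallet_dir "$1")
  [ -n "$dir" ] || { echo "FAIL $1: no WALLET_LOCATION directory"; return 1; }
  [ -d "$dir" ] || { echo "FAIL $1: $dir does not exist"; return 1; }
  [ -f "$dir/cwallet.sso" ] || { echo "FAIL $1: no cwallet.sso in $dir"; return 1; }
  other=$(ls -l "$dir/cwallet.sso" | cut -c8-10)
  [ "$other" = "---" ] || { echo "FAIL $1: cwallet.sso other-perms $other"; return 1; }
  echo "OK $1: wallet in $dir"
}

# Constructed sample: the wallet path in listener.ora does not match the
# directory the wallet was created in, and COST is still commented out.
demo() {
  tmp=$(mktemp -d)
  mkdir -p "$tmp/grid/network/admin/cost"
  : > "$tmp/grid/network/admin/cost/cwallet.sso"
  chmod 640 "$tmp/grid/network/admin/cost/cwallet.sso"
  cat > "$tmp/listener.ora" <<EOF
WALLET_LOCATION =
  (SOURCE =
   (METHOD = FILE)
    (METHOD_DATA =
     (DIRECTORY = $tmp/grid.other/network/admin/cost)
    )
  )
#SECURE_REGISTER_LISTENER_SCAN1 = (IPC,TCPS)
EOF
  check_wallet "$tmp/listener.ora" || true
  cost_enabled "$tmp/listener.ora" LISTENER_SCAN1 || echo "FAIL COST not active"
  rm -rf "$tmp"
}
demo
```

On a real node, replace the demo call with check_wallet on the Grid listener.ora and the database sqlnet.ora, and cost_enabled with the SCAN listener name.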

From the "ITPUB Blog", link: http://blog.itpub.net/10271187/viewspace-1779602/. If you repost, please credit the source; otherwise legal liability will be pursued.

Reposted from: http://blog.itpub.net/10271187/viewspace-1779602/
