Chongqing Sizhuang Oracle / Redhat Certification Study Forum


Implementing Access Control with Oracle Connection Manager

Original poster | Posted on 2021-10-25 02:20:07
This post was last edited by 郑全 on 2021-10-25 02:27

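1. Environment
   Client IP: 192.168.133.1
   CMAN server: 192.168.133.121
   Database server: 192.168.133.120
   Database service: orclcdb
   Listener port: 1524
   Database version: ORACLE 19.12
   Connection Manager: 21.3

   Operating systems:
         Database server: ORACLE LINUX 8.4
         CMAN server: ROCKY LINUX 8.4
         Client: WIN10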

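2. Installing Oracle Connection Manager
   2.1 Installation media: simply download ORACLE CLIENT 21.3 from the ORACLE website; 19.3 also works. Since I am on LINUX 8.4 and did not want to do the extra setup, I downloaded the 21.3 CLIENT.
   2.2 Install CMAN
        Install the Oracle client on the CMAN server.
        Choose the custom installation; you only need to select the listener and Connection Manager.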
        
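3. Configuring Oracle Connection Manager
  3.1 Copy $ORACLE_HOME/network/admin/samples/cman.ora to $ORACLE_HOME/network/admin/cman.ora
  3.2 Change the CMAN listener name
       to CMAN_SZDB
  3.3 Change the listener host to 192.168.133.121
  3.4 Change the listener port to 1524
  3.5 Set the whitelist
        This is needed because the database and the CMAN server are not on the same machine; if they were on the same machine, it would not need to be set.
        (registration_invited_nodes=192.168.133.120)
  3.6 Set access control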
       (rule_list=
    (rule=
       (src=*)(dst=*)(srv=*)(act=accept)
       (action_list=(aut=off)(moct=0)(mct=0)(mit=0)(conn_stats=on))
    )
  )
The complete configuration file is as follows:
  [oracle@szdb admin]$ grep -v '#' cman.ora |grep -v '^$'
cman_szdb =
(configuration=
  
  (address=(protocol=tcp)(host=szdb)(port=1524))
  (parameter_list =
    (aso_authentication_filter=off)
    (connection_statistics=yes)
    (log_directory=/u01/app/oracle/cman/log)
    (log_level=ADMIN)
    (max_connections=256)
    (idle_timeout=0)
    (inbound_connect_timeout=0)
    (session_timeout=0)
    (outbound_connect_timeout=0)
    (max_gateway_processes=8)
    (min_gateway_processes=3)
    (trace_directory=/u01/app/oracle/cman/trace)
    (trace_level=off)
    (trace_timestamp=off)
    (trace_filelen=1000)
    (trace_fileno=1)
    (max_cmctl_sessions=4)
    (event_group=init_and_term,memory_ops)
    (registration_invited_nodes=192.168.133.120)

  )
  (rule_list=
    (rule=
       (src=192.168.133.1/24)(dst=*)(srv=*)(act=accept)
       (action_list=(aut=off)(moct=0)(mct=0)(mit=0)(conn_stats=on))
    )
  )
)

4. Configuring the database side
  On the database server 192.168.133.120, create a service name in TNSNAMES.ORA that points to the CMAN server (192.168.133.121)
  
  LISTENER_cman =
  (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.133.121)(PORT = 1524))

  Set REMOTE_LISTENER to point to LISTENER_cman

  SQL> alter system set remote_listener=LISTENER_CMAN;

5. Starting CMAN
   $ cmctl
   CMCTL> admin cman_szdb
   CMCTL:cman_szdb> startup

   Show the connection status
   CMCTL>show status
   cmctl>  show service
   
   CMCTL:cman_szdb> show status
Status of the Instance
----------------------
Instance name             cman_szdb
Version                   CMAN for Linux: Version 21.0.0.0.0 - Production
Start date                25-OCT-2021 02:06:11
Uptime                    0 days 0 hr. 8 min. 32 sec
Num of gateways started   3
Average Load level        0
Log Level                 ADMIN
Trace Level               OFF
Instance Config file      /u01/app/oracle/product/21.3.0/client/network/admin/cman.ora
Instance Log directory    /u01/app/oracle/diag/netcman/szdb/cman_szdb/alert
Instance Trace directory  /u01/app/oracle/diag/netcman/szdb/cman_szdb/trace
The command completed successfully.
CMCTL:cman_szdb>
CMCTL:cman_szdb>
CMCTL:cman_szdb>
CMCTL:cman_szdb> show all
listener_address            | (DESCRIPTION=(address=(protocol=tcp)(host=szdb)(port=1524)))
aso_authentication_filter   |   OFF
connection_statistics       |    ON
event_group                 | (init_and_term, memory_ops)
log_directory               | /u01/app/oracle/diag/netcman/szdb/cman_szdb/alert
log_level                   | ADMIN
max_connections             |   256
idle_timeout                |     0
inbound_connect_timeout     |     0
session_timeout             |     0
outbound_connect_timeout    |     0
max_gateway_processes       |     8
min_gateway_processes       |     3
max_cmctl_sessions          |     4
password                    |   OFF
remote_admin                |   OFF
trace_directory             | /u01/app/oracle/diag/netcman/szdb/cman_szdb/trace
trace_level                 |   OFF
trace_timestamp             |   OFF
trace_filelen               |  1000
trace_fileno                |     1
service_rate                |     0
connection_rate             |     0
max_all_connections         |     0
max_reg_connections         |     0
compression                 |   OFF
sdu                         |  8192
expire_time                 |     0
non_tunnel_gateways         |  1000
use_sid_as_service          |   OFF
valid_node_checking_registration |   OFF
Number of filtering rules currently in effect: 1
(rule_list=
  (rule=
    (src=192.168.133.1/24)
    (dst=*)
    (srv=*)
    (act=accept)
    (action_list=(aut=off)(moct=0)(mct=0)(mit=0)(conn_stats=on))
  )
)
The command completed successfully.
CMCTL:cman_szdb>
CMCTL:cman_szdb>
CMCTL:cman_szdb> show service
Services Summary...
Proxy service "cmgw" has 1 instance(s).
  Instance "cman", status READY, has 3 handler(s) for this service...
    Handler(s):
      "cmgw002" established:0 refused:0 current:0 max:256 state:ready
         <machine: localhost, pid: 2955>
         (ADDRESS=(PROTOCOL=ipc)(KEY=#2955.1)(KEYPATH=/var/tmp/.oracle_100100))
      "cmgw001" established:0 refused:0 current:0 max:256 state:ready
         <machine: localhost, pid: 2953>
         (ADDRESS=(PROTOCOL=ipc)(KEY=#2953.1)(KEYPATH=/var/tmp/.oracle_100100))
      "cmgw000" established:0 refused:0 current:0 max:256 state:ready
         <machine: localhost, pid: 2951>
         (ADDRESS=(PROTOCOL=ipc)(KEY=#2951.1)(KEYPATH=/var/tmp/.oracle_100100))
Service "86b637b62fdf7a65e053f706e80a27ca" has 1 instance(s).
  Instance "orclcdb", status READY, has 1 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:0 refused:0 state:ready
         REMOTE SERVER
         (ADDRESS=(PROTOCOL=TCP)(HOST=192.168.133.120)(PORT=1521))
Service "cbb47e352f7aaea7e0537885a8c03007" has 1 instance(s).
  Instance "orclcdb", status READY, has 1 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:0 refused:0 state:ready
         REMOTE SERVER
         (ADDRESS=(PROTOCOL=TCP)(HOST=192.168.133.120)(PORT=1521))
Service "cdfd043675cc16a6e0537885a8c07810" has 1 instance(s).
  Instance "orclcdb", status READY, has 1 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:0 refused:0 state:ready
         REMOTE SERVER
         (ADDRESS=(PROTOCOL=TCP)(HOST=192.168.133.120)(PORT=1521))
Service "cmon" has 1 instance(s).
  Instance "cman", status READY, has 1 handler(s) for this service...
    Handler(s):
      "cmon" established:1 refused:0 current:1 max:4 state:ready
         <machine: localhost, pid: 2945>
         (ADDRESS=(PROTOCOL=ipc)(KEY=#2945.1)(KEYPATH=/var/tmp/.oracle_100100))

Service "orclcdb" has 1 instance(s).
  Instance "orclcdb", status READY, has 1 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:0 refused:0 state:ready
         REMOTE SERVER
         (ADDRESS=(PROTOCOL=TCP)(HOST=192.168.133.120)(PORT=1521))
Service "orclpdb" has 1 instance(s).
  Instance "orclcdb", status READY, has 1 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:0 refused:0 state:ready
         REMOTE SERVER
         (ADDRESS=(PROTOCOL=TCP)(HOST=192.168.133.120)(PORT=1521))
The command completed successfully.
CMCTL:cman_szdb>

6. Configuring the client
   Configure the client to connect to CMAN
   vim tnsnames.ora
    ...
    C_orclcdb =
      (DESCRIPTION =
        (ADDRESS_LIST =
           (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.133.121)(PORT = 1524))
        )
       (CONNECT_DATA =
         (service_name = orclcdb)
       )
     )

   192.168.133.121 is the IP of the CMAN server

7. Testing the client connection
    SQL> conn system/oracle_4U@c_orclcdb
    Connected.

   
     

   
   
   
   

   
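The rule_list access control from section 3.6 of the post above, as an added example that is not part of the original post: a small Python parser that evaluates a client IP against the rules and flags broad accept rules. It assumes first-match-wins evaluation, rejection when no rule matches, and standard CIDR masking of `src`; `dst` and host-name sources are not evaluated, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the rule_list from the post's final cman.ora.
RULE_LIST = """(rule_list=
  (rule=
     (src=192.168.133.1/24)(dst=*)(srv=*)(act=accept)
     (action_list=(aut=off)(moct=0)(mct=0)(mit=0)(conn_stats=on))
  )
)"""

FIELD = re.compile(r"\((src|dst|srv|act)=([^()\s]+)\)", re.I)

def parse_rules(text):
    """Return one dict per (rule=...) holding its src/dst/srv/act values."""
    chunks = re.split(r"\(rule=", text, flags=re.I)[1:]
    return [{k.lower(): v.lower() for k, v in FIELD.findall(c)} for c in chunks]

def src_network(src):
    """CIDR network for a src value, or None for '*' and host names."""
    try:
        return ipaddress.ip_network(src, strict=False)
    except ValueError:
        return None

def decide(rules, client_ip, service):
    """Assumed semantics: first matching rule wins, no match means reject."""
    ip = ipaddress.ip_address(client_ip)
    for r in rules:
        net = src_network(r.get("src", ""))
        src_ok = r.get("src") == "*" or (net is not None and ip in net)
        if src_ok and r.get("srv") in ("*", service.lower()):
            return r.get("act", "reject")
    return "reject"

def audit(rules):
    """Flag accept rules whose source is a wildcard or wider than one host."""
    findings = []
    for n, r in enumerate(rules, 1):
        net = src_network(r.get("src", ""))
        if r.get("act") != "accept":
            continue
        if r.get("src") == "*":
            findings.append((n, "src=* accepts any client"))
        elif net is not None and net.num_addresses > 1:
            findings.append((n, f"{r['src']} covers {net.num_addresses} addresses ({net})"))
    return findings
```

Under these assumptions, `src=192.168.133.1/24` admits every address in 192.168.133.0/24, not only the client 192.168.133.1; a single-host rule would use a /32 mask.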

Reply 1
Original poster | Posted on 2021-10-25 02:39:04
Also, while configuring this, I referred to the official documentation:
Valid Node Checking for Registration parameter in Connection Manager ( VNCR in CMAN ) (Doc ID 2259948.1)

https://docs.oracle.com/en/datab ... 7-A99A-D4702C5273BC  Oracle Connection Manager Parameters

Reply 2
Original poster | Posted on 2021-10-25 02:45:05
This post was last edited by 郑全 on 2021-10-25 02:47
郑全 posted on 2021-10-25 02:39
Also, while configuring this, I referred to the official documentation:
Valid Node Checking for Registration parameter in Connection Man ...


                               