Bo's Oracle Station › 博客首页 ›Oracle技术› 开发和基础管理 › 查看内容

【博客文章2022】在Oracle私有云上配置和使用Oracle Connection Manager

2022-1-27 21:33| 发布者: admin| 查看: 4620| 评论: 0|原作者: Bo Tang

摘要: 在Oracle私有云上配置和使用Oracle Connection Manager

Author: Bo Tang

1. 本博客用到的私有云结构示意图：

Connection manager的主机信息：

[root@cvcdds198 ~]# hostname
cvcdds198.xn.fj.cn
[root@cvcdds198 ~]# nmcli con show
NAME    UUID                                  TYPE      DEVICE
enp5s0 8e249441-18f7-4669-83a2-fa8a58cfb778 ethernet enp5s0
ens1    21d6dcdf-7673-42d6-9d9b-e52f2ca838d2 ethernet ens1
virbr0 e5fb3ad4-b2ef-475c-86a5-fa624de0c3a9 bridge    virbr0
[root@cvcdds198 ~]# ip addr show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens1: mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:3b:dd:6b brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.100/24 brd 192.168.0.255 scope global noprefixroute ens1
       valid_lft forever preferred_lft forever
    inet6 fe80::96c5:2787:2920:8576/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: enp5s0: mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:12:28:37 brd ff:ff:ff:ff:ff:ff
    inet 124.16.3.16/24 brd 124.16.3.255 scope global noprefixroute enp5s0
       valid_lft forever preferred_lft forever
    inet6 fe80::4207:b097:89f7:4266/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
4: virbr0: mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:ed:fa:3e brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic: mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:ed:fa:3e brd ff:ff:ff:ff:ff:ff
[root@cvcdds198 ~]# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window irtt Iface
0.0.0.0         124.16.3.1      0.0.0.0         UG        0 0          0 enp5s0
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 ens1
124.16.3.0      0.0.0.0         255.255.255.0   U         0 0          0 enp5s0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 ens1
192.168.122.0   0.0.0.0         255.255.255.0   U         0 0          0 virbr0
[root@cvcdds198 ~]#

在Client Machine上的用户需要通过Connection manager的主机访问私有云内部的orcl数据库服务器，该数据库服务器没有Internet IP地址，只有内网地址。

2. 在cvcdds198.xn.fj.cn这台机器上安装Connection Manager 19c软件

下载并解压V982064-01.zip和V982065-01.zip，进入client目录：

[oracle@cvcdds198 CLIENT]$ cd client/
[oracle@cvcdds198 client]$ ./runInstaller

选择Custom，点下一步（由于在Oracle Enterprise Linux 8.3上安装，会出现两次下面的弹窗，每次点击“Yes”就好）：

检查“Software location”中的路径是否正确，如图所示为正确路径（已经将“19.0.0”改为“19.3.0”）。点下一步：

所有组件中只钩选“Oracle Connection Manager”，点下一步：

点击“Install”：

安装开始：

安装过程后半段，会弹出要求以root身份执行命令的窗口：

打开新的终端，以root身份执行root.sh，所有的问题都敲回车，如果问yes和no都选yes：

[root@cvcdds198 ~]# /u01/app/oracle/product/19.3.0/client_1/root.sh
Performing root user operation.

The following environment variables are set as:
ORACLE_OWNER= oracle
ORACLE_HOME= /u01/app/oracle/product/19.3.0/client_1

Enter the full pathname of the local bin directory: [/usr/local/bin]:
The contents of "dbhome" have not changed. No need to overwrite.
The contents of "oraenv" have not changed. No need to overwrite.
The contents of "coraenv" have not changed. No need to overwrite.

Entries will be added to the /etc/oratab file as needed by
Database Configuration Assistant when a database is created
Finished running generic part of root script.
Now product-specific root actions will be performed.

执行完点OK：

3. 在cvcdds198.xn.fj.cn这台机器上配置Connection Manager 19c：

不要认为必需在Connection Manager所在的机器上运行普通的Oracle监听器（1521端口），实际上Connection Manage本身就是一种特殊的监听器。所以正如我们前面安装的那样，既不需要在Connection Manager所在的机器上安装普通的Oracle监听器组件，也不能运行普通的Oracle监听器。这一点在OU的19c教材和活动指南上出现错误。

[oracle@cvcdds198 ~]$ netstat -lntp | grep :1521
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)

为了方便地配置Connection Manager，我们可以拷贝Oracle自带的模版进行修改：

[oracle@cvcdds198 ~]$ cd /u01/app/oracle/product/19.3.0/client_1/network/admin/

[oracle@cvcdds198 admin]$ cp samples/cman.ora ./

将其编辑成如下这样，做过修改的部分变成红色：

######################################################################
#
# Copyright (c) 2001,2002, Oracle Corporation. All rights reserved.
#
# NAME
#    cman.ora
#
# DESCRIPTION
#    Sample CMAN configuration file that the user can modify for their
#    own use.
#
# NOTES
#    1. Change to your fully qualified hostname
#    2. Change to the listening port number
#    3. Change and to your log and trace directories
#
# MODIFIED (MM/DD/YYYY)
# asankrut   10/05/2002 -   Added Rule List Specifications
# asankrut   06/11/2002 -   Modified to add new parameters; added comments.
# asankrut   12/31/2001 -   Creation.
#
######################################################################

# CMAN Alias
cman_cvcdds198 =
(configuration=

# Listening address of the cman
(ADDRESS_LIST =
(address=(protocol=tcp)(host=124.16.3.16)(port=1630))
(address=(protocol=tcp)(host=192.168.0.100)(port=1630))
)
# Configuration parameters of this CMAN
(parameter_list =

    # Need authentication for connection?
    # Valid values: boolean values for on/off
    (aso_authentication_filter=off)

    # Connection statistics need to be collected?
    # Valid values: boolean values for on/off
    (connection_statistics=yes)

# Log files would be created in the directory specified here
(log_directory=)

(registration_invited_nodes=192.168.0.90)

    # Logging would be in done at this level
    # Valid values: OFF | USER | ADMIN | SUPPORT
    (log_level=off)

    # Maximum number of connections per gateway
    # Valid values: Any positive number (Practically limited by few 1000s)
    (max_connections=256)

    # Idle timeout value in seconds
    # Valid values: Any positive number
    (idle_timeout=0)

    # Inbound connect timeout in seconds
    # Valid values: Any positive number
    (inbound_connect_timeout=0)

    # Session timout in seconds
    # Valid values: Any positive number
    (session_timeout=0)

    # Outbound connect timeout in seconds
    # Valid values: Any positive number
    (outbound_connect_timeout=0)

    # Maximum number of gateways that can be started
    # Valid values: Any positive number (Practically limited by
    #                                    system resources)
    (max_gateway_processes=16)

    # Minimum number of gateways that must be present at any time
    # Valid values: Any positive number (Practically limited by
    #                                    system resources)
    # max_gateway_processes > min_gateway_processes
    (min_gateway_processes=2)

    # Remote administration allowed?
    # Valid Values: Boolean values for on/off
    (remote_admin=on)

# Trace files would be created in the directory specified here
(trace_directory=)

    # Trace done at this level
    # Valid values: OFF | USER | ADMIN | SUPPORT
    (trace_level=off)

    # Is timestamp needed with tracing?
    # Valid values: Boolean values for on/off
    (trace_timestamp=off)

    # Length of the trace file in kB
    # Valid values: Any positive number (Limited practically)
    (trace_filelen=1000)

    # No. of trace files to be created when using cyclic tracing
    # Valid values: Any positive number
    (trace_fileno=1)

    # Maximum number of CMCTL sessions that can exist simultaneously
    # Valid values: Any positive number
    (max_cmctl_sessions=4)

# Event logging: event groups that need to be logged
(event_group=init_and_term,memory_ops)
)

# Rule list

# Rule Specification:
# src = Source of connection; '*' for 'ANY'
# dst = Destination of connection; '*' for 'ANY'
# srv = Service of connection; '*' for 'ANY'
# act = Action: 'accept', 'reject' or 'drop'

# Action List Specification:
# aut         = aso_authentication_filter
# moct        = outbound_connect_timeout
# mct         = session_timeout
# mit         = idle_timeout
# conn_stats = connect_statistics
(rule_list=
    (rule=
       (src=124.16.3.16)(dst=*)(srv=*)(act=accept)
       (action_list=(aut=off)(moct=0)(mct=0)(mit=0)(conn_stats=on))
    )
    (rule=
       (src=192.168.0.100)(dst=*)(srv=*)(act=accept)
       (action_list=(aut=off)(moct=0)(mct=0)(mit=0)(conn_stats=on))
    )
    (rule=
       (src=*)(dst=*)(srv=*)(act=accept)
       (action_list=(aut=off)(moct=0)(mct=0)(mit=300)(conn_stats=on))
    )

)
)

我们来按顺序详细解释一下上面的几段红色配置：

第1个部分说明如下：

cman_cvcdds198 = 必需给配置起个名字
(configuration=

# Listening address of the cman
(ADDRESS_LIST = 必需在LAN和Internet两个接口上都开启1630端口的监听
(address=(protocol=tcp)(host=124.16.3.16)(port=1630))
(address=(protocol=tcp)(host=192.168.0.100)(port=1630))
)

1630端口是我们的配置，实际上可以选择别的端口，比如LAN（192.168.0.100）可以选择1521或别的端口，而Inter上（124.16.3.16）可以选择1521或别的端口，还可以与LAN上的端口不同。在我们的配置中，Client Machine在Internet上通过1630端口连接124.16.3.16；而私有云内部的数据库服务器192.168.0.90则通过1630端口将数据库的服务注册到192.168.0.100，也就是Connection Manager。这样通过124.16.3.16连接进来的Client Machine就能访问到数据库服务器。Connect Manager扮演了两头连接的桥梁的角色，相当于一种应用层的网关或代理。

第2个部分说明如下：

(registration_invited_nodes=192.168.0.90)

这个配置很重要，它允许私有云内部的数据库服务器192.168.0.90通过1630端口将数据库的服务注册到192.168.0.100。如果有多个内部的数据库服务器所在的主机要进行服务注册，那么就写一个逗号分隔的列表。

第3个部分说明如下：

   (rule=
       (src=124.16.3.16)(dst=*)(srv=*)(act=accept)
       (action_list=(aut=off)(moct=0)(mct=0)(mit=0)(conn_stats=on))
    )
    (rule=
       (src=192.168.0.100)(dst=*)(srv=*)(act=accept)
       (action_list=(aut=off)(moct=0)(mct=0)(mit=0)(conn_stats=on))
    )

这与前面的配置有关，第1部分配置要在124.16.3.16上运行，这里就必须有1条src为124.16.3.16全局允许的rule。同样，第1部分配置要在192.168.0.100上运行，这里就必须有1条src为192.168.0.100全局允许的rule。

第4个部分说明如下：

    (rule=
       (src=*)(dst=*)(srv=*)(act=accept)
       (action_list=(aut=off)(moct=0)(mct=0)(mit=300)(conn_stats=on))
    )

这一部分我们引入Connection Manager的过滤和防火墙功能。如果会话的idle time超过300秒，我们会断掉这个会话。

4. 在cvcdds198.xn.fj.cn这台机器上运行Connection Manager 19c：

为了方便地运行Connection Manager，我们可以利用. oraenv来设定环境变量。需要先向/etc/oratab里添加一个条目：

cm: /u01/app/oracle/product/19.3.0/client_1:N

这样就可以执行：

[oracle@cvcdds198 ~]$ . oraenv
ORACLE_SID = [cm] ? cm
ORACLE_BASE environment variable is not being set since this
information is not available for the current user ID oracle.
You can set ORACLE_BASE manually if it is required.
Resetting ORACLE_BASE to its previous value or ORACLE_HOME
The Oracle base remains unchanged with value /u01/app/oracle

启动Connection Manager（关闭Connection Manager的命令是cmctl shutdown -c cman_cvcdds198）:

[oracle@cvcdds198 admin]$ cmctl startup -c cman_cvcdds198

CMCTL for Linux: Version 19.0.0.0.0 - Production on 17-APR-2022 23:12:51

Current instance cman_cvcdds198 is not yet started
Connecting to (DESCRIPTION=(address=(protocol=tcp)(host=124.16.3.16)(port=1630)))
Starting Oracle Connection Manager instance cman_cvcdds198. Please wait...
CMAN for Linux: Version 19.0.0.0.0 - Production
Status of the Instance
----------------------
Instance name             cman_cvcdds198
Version                   CMAN for Linux: Version 19.0.0.0.0 - Production
Start date                17-APR-2022 23:12:51
Uptime                    0 days 0 hr. 0 min. 9 sec
Num of gateways started   2
Average Load level        0
Log Level                 OFF
Trace Level               OFF
Instance Config file      /u01/app/oracle/product/19.3.0/client_1/network/admin/cman.ora
Instance Log directory    /u01/app/oracle/diag/netcman/cvcdds198/cman_cvcdds198/alert
Instance Trace directory /u01/app/oracle/diag/netcman/cvcdds198/cman_cvcdds198/trace
The command completed successfully.

查看端口情况：

[oracle@cvcdds198 admin]$ netstat -lntp | grep :1630
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 192.168.0.100:1630 0.0.0.0:* LISTEN 5120/tnslsnr
tcp 0 0 124.16.3.16:1630 0.0.0.0:* LISTEN 5120/tnslsnr

5. 私有云里的数据库服务器的配置：

私有云里的数据库服务器必需向Connection Manager作数据库服务的动态注册。首先，要在数据库HOME的tnsnames.ora里写清楚Connect Manager的具体位置：

......
LISTENER_CMAN =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.0.100)(PORT = 1630))
......

然后更改remote_listener参数值：

SQL> alter system set remote_listener='LISTENER_CMAN';
System altered.
SQL> show parameter remote_listener

NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
remote_listener string LISTENER_CMAN

6. 在cvcdds198.xn.fj.cn这台机器上管理Connection Manager 19c：
当上面的这些1-5步都配置完成后，我们来查看Connection Manager是否工作正常，第1项是“show all”：

[oracle@cvcdds198 admin]$ cmctl

CMCTL for Linux: Version 19.0.0.0.0 - Production on 17-APR-2022 23:14:54

Welcome to CMCTL, type "help" for information.

CMCTL> help
The following operations are available
An asterisk (*) denotes a modifier or extended command:

administer      close*          exit            quit
reload          resume*         save_passwd     set*
show*           shutdown        sleep           startup
suspend*

CMCTL> administer cman_cvcdds198
Current instance cman_cvcdds198 is already started
Connections refer to (DESCRIPTION=(address=(protocol=tcp)(host=124.16.3.16)(port=1630))).
The command completed successfully.
CMCTL:cman_cvcdds198> help show
The following operations are available after show
An asterisk (*) denotes a modifier or extended command:

all                                  connections
defaults                             events
gateways                             parameters
registration_invited_nodes           rules
services                             status
valid_node_checking_registration     version
tdm_parameters

CMCTL:cman_cvcdds198> show all
listener_address          | (DESCRIPTION=(address=(protocol=tcp)(host=124.16.3.16)(port=1630)))
aso_authentication_filter |   OFF
connection_statistics     |    ON
event_group               | (init_and_term, memory_ops)
log_directory             | /u01/app/oracle/diag/netcman/cvcdds198/cman_cvcdds198/alert
log_level                 |   OFF
max_connections           |   256
idle_timeout              |     0
inbound_connect_timeout   |     0
session_timeout           |     0
outbound_connect_timeout |     0
max_gateway_processes     |    16
min_gateway_processes     |     2
max_cmctl_sessions        |     4
password                  |   OFF
remote_admin              |    ON
trace_directory           | /u01/app/oracle/diag/netcman/cvcdds198/cman_cvcdds198/trace
trace_level               |   OFF
trace_timestamp           |   OFF
trace_filelen             | 1000
trace_fileno              |     1
Number of filtering rules currently in effect: 2
(rule_list=
(rule=
    (src=124.16.3.16)
    (dst=*)
    (srv=*)
    (act=accept)
    (action_list=(aut=off)(moct=0)(mct=0)(mit=0)(conn_stats=on))
)
(rule=
    (src=*)
    (dst=*)
    (srv=*)
    (act=accept)
    (action_list=(aut=off)(moct=0)(mct=0)(mit=300)(conn_stats=on))
)
)
The command completed successfully.

第2项是“show registration_invited_nodes”：

CMCTL:cman_cvcdds198> show registration_invited_nodes
cman_cvcdds198 parameter "registration_invited_nodes" set to 192.168.0.90
The command completed successfully.

第3项是“show services”，这个最重要。如果第5步中私有云内的Oracle数据库服务器配置正确，那么就能看到在Connection Manager里有这些服务。如果没有看到服务，那么Connection Manager就毫无用处了：

CMCTL:cman_cvcdds198> show services

Services Summary...
Proxy service "cmgw" has 1 instance(s).
Instance "cman", status READY, has 2 handler(s) for this service...
    Handler(s):
      "cmgw001" established:0 refused:0 current:0 max:256 state:ready

         (ADDRESS=(PROTOCOL=ipc)(KEY=#5125.1)(KEYPATH=/var/tmp/.oracle_50000))
      "cmgw000" established:0 refused:0 current:0 max:256 state:ready

         (ADDRESS=(PROTOCOL=ipc)(KEY=#5123.1)(KEYPATH=/var/tmp/.oracle_50000))
Service "SERV1" has 1 instance(s).
Instance "orcl", status READY, has 4 handler(s) for this service...
    Handler(s):
      "SHARED DC000" established:0 refused:0 current:3 max:49149 state:ready
         REMOTE DISPATCHER
         (ADDRESS=(PROTOCOL=TCP)(HOST=station90.example.com)(PORT=1521))
      "SHARED DC000" established:0 refused:0 current:3 max:49149 state:ready
         REMOTE DISPATCHER
         (ADDRESS=(PROTOCOL=TCP)(HOST=station90.example.com)(PORT=1530))
      "DEDICATED" established:0 refused:0 state:ready
         REMOTE SERVER
         (ADDRESS=(PROTOCOL=TCP)(HOST=station90.example.com)(PORT=1521))
      "DEDICATED" established:0 refused:0 state:ready
         REMOTE SERVER
         (ADDRESS=(PROTOCOL=TCP)(HOST=station90.example.com)(PORT=1530))
Service "cmon" has 1 instance(s).
Instance "cman", status READY, has 1 handler(s) for this service...
    Handler(s):
      "cmon" established:2 refused:0 current:1 max:4 state:ready

         (ADDRESS=(PROTOCOL=ipc)(KEY=#5117.1)(KEYPATH=/var/tmp/.oracle_50000))
Service "orcl" has 1 instance(s).
Instance "orcl", status READY, has 4 handler(s) for this service...
    Handler(s):
      "SHARED DC000" established:0 refused:0 current:3 max:49149 state:ready
         REMOTE DISPATCHER
         (ADDRESS=(PROTOCOL=TCP)(HOST=station90.example.com)(PORT=1521))
      "SHARED DC000" established:0 refused:0 current:3 max:49149 state:ready
         REMOTE DISPATCHER
         (ADDRESS=(PROTOCOL=TCP)(HOST=station90.example.com)(PORT=1530))
      "DEDICATED" established:0 refused:0 state:ready
         REMOTE SERVER
         (ADDRESS=(PROTOCOL=TCP)(HOST=station90.example.com)(PORT=1521))
      "DEDICATED" established:0 refused:0 state:ready
         REMOTE SERVER
         (ADDRESS=(PROTOCOL=TCP)(HOST=station90.example.com)(PORT=1530))
The command completed successfully.

7. 在Client Machine上测试通过Connection Manager连接深藏于私有云内部的Oracle数据库服务器：

首先配置tns串：

......
CORCL =
(DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = cvcdds198.xn.fj.cn)(PORT = 1630))
    (CONNECT_DATA =
      (SERVICE_NAME = orcl)
    )
)
......

测试连接和超时连接：

SQL> conn hr/oracle_4U@corcl

Connected.
SQL> select count(*) from employees;

COUNT(*)
----------
107

超时300秒后

SQL> select count(*) from employees;
select count(*) from employees
*
ERROR at line 1:
ORA-03113: end-of-file on communication channel
Process ID: 58921
Session ID: 6 Serial number: 31318

路过

雷人

握手

鲜花

鸡蛋

收藏邀请

上一篇：【博客文章2021】在Flashback Transaction中处理事务的依赖关系和主键外键约束