設定
根據您的業務和安全需求,設定 Oracle Notification Server 代理主機。
設定 Oracle Notification Server 代理主機
您可以設定不含公事包和憑證,或使用 SSL 憑證和公事包的 Oracle Notification Server 代理主機。
此解決方案使用下列 Oracle Notification Server 代理主機組態檔參數:
ExtendedSecurityHeader=<header-name>通知現在可能包含發布者提供的存取表頭。憑證上稱為 CN (通用名稱) 的欄位可為憑證擁有者提供名稱。用戶端的 DN CN 部分 (辨別名稱) 會與每個用戶端連線一起儲存。當通知到達伺服器時,從屬端只有在其 CN 列在為 ExtendedSecurityHeader 設定的標頭名稱中時,才能收到通知。
ExtendedSecurityMode=<mode>none:不檢查任何項目。從屬端一律會收到所有通知。
strict:根據通知存取標頭檢查從屬端 (如果有的話),否則從屬端將不會收到通知。
allowunsecuresubscriber=false如果安全連線已正常設定,任何不安全的連線嘗試都將被拒絕。如果此參數設為 yes,即使未加密,仍允許對等連線,但在此情況下將不允許發布。
如果未設定安全連線,則會忽略此參數。
- 選項 1 :設定不含 SSL 公事包與憑證的 Oracle Notification Server 代理主機,以在 Oracle RAC 節點上建立 Oracle Notification Server 代理主機與 Oracle Notification Server 之間的通訊。請依照下列步驟設定不含公事包和憑證的 Oracle Notification Server 代理主機:
- 在「連線管理程式」主機上設定 Oracle Notification Server 代理主機。
- 使用下列內容建立
$ORACLE_HOME/opmn/conf/onsproxy.properties檔案:setConfigHome:/u01/app/oracle/product/23ai/client_1 debug:true addConfig: localport=6100 addConfig: remoteport=6200 addConfig: allowunsecuresubscriber=true addConfig: extendedsecuritymode=partial addConfig: extendedsecurityheader=none addNetwork: nodes.aaa=10.0.1.13:6200,10.0.1.95:6200 addSubscription: ("eventType=database/event/service") addSubscription: ("eventType=database/event/host") - 驗證
$ORACLE_HOME/opmn/conf/ons.config包含下列內容:# Generated by ONS Proxy allowpublish=127.0.0.1,::1 extendedsecurityheader=none allowunsecuresubscriber=true localport=6100 remoteport=6200 extendedsecuritymode=partial - 在 CMAN 主機上啟動 Oracle Notification Server 代理伺服器並檢查狀態。
[oracle@cman-host ~]$ onsctl proxy start Dec 17, 2024 10:35:20 PM oracle.ons.proxy.Proxy$ProxyConfig <init> INFO: Loading configuration: /u01/app/oracle/product/23ai/client_1/opmn/conf/onsproxy.properties Dec 17, 2024 10:35:21 PM oracle.ons.proxy.Proxy setDefaultConfigHome INFO: ORACLE_CONFIG_HOME set to /u01/app/oracle/product/23ai/client_1 Dec 17, 2024 10:35:21 PM oracle.ons.proxy.Proxy validateProxyConfig INFO: Validating configuration Dec 17, 2024 10:35:21 PM oracle.ons.proxy.Proxy updateProxyConfig INFO: Updating configuration Dec 17, 2024 10:35:21 PM oracle.ons.proxy.Proxy initProxy INFO: Initializing onsctl proxy: ons proxy started - 當您在
cman-host上啟動 Oracle Notification Server 代理主機時,請檢查在資料庫上建立的連線。在從屬端連線段落中,確認 Oracle CMAN 主機已連線到 Oracle RAC 資料庫。下列範例顯示 CMAN 連線至 Oracle Grid Infrastructure 上執行的 Oracle Notification Server 之後的修剪輸出。您應該會在兩部 Oracle RAC 機器上看到來自10.0.0.90的連線。由於此連線沒有 SSL 憑證和公事包,因此在 Oracle CMAN 連線中不會看到CN=cman-host項目。[grid ~]$ onsctl debug Client connections: (8) ID CONNECTION ADDRESS PORT FLAGS SNDQ REF PHA SUB -------- --------------------------------------- ----- ------- ---- --- --- --- 0 internal 0 000044a 0 1 IO 1 2 127.0.0.1 62766 000041a 0 1 IO 1 1 127.0.0.1 62770 000041a 0 1 IO 1 3 127.0.0.1 62768 000041a 0 1 IO 1 4 127.0.0.1 62796 000041a 0 1 IO 1 7 127.0.0.1 62838 000041a 0 1 IO 0 26 ::ffff:10.0.0.90 21876 008042a 0 1 IO 2 request 127.0.0.1 12334 0000e1a 0 1 IO 0
- 選項 2 :為了安全起見,請使用公事包和 SSL 憑證設定 Oracle Notification Server 代理主機。SSL 需要從屬端 - 伺服器連線之信任提供者的自行簽署憑證或憑證授權機構 (CA)。SSL 可作為數位護照,使用公開金鑰和私密金鑰來驗證您的認證和終端 Web 伺服器的認證。當兩個身分都經過驗證時,SSL 透過 HTTPS 提供安全的連線。此處理作業是使用 SSL 憑證來執行。
附註:
如果您使用憑證授權機構 (例如 Verisign) 所發行的使用者憑證,就不需要將憑證向用戶端推出。新增使用者憑證之前,請先將 CA 根憑證和鏈結中的任何中繼憑證新增為公事包信任憑證。- 在 Oracle RAC 節點上建立 Oracle wallet 和自行簽署的憑證。以
root使用者身分在其中一個 Oracle RAC 節點上執行下列命令:mkdir -p /u01/app/wallet_dir chown grid:oinstall /u01/app/wallet_dir chmod 750 /u01/app/wallet_dir - 以
grid使用者身分執行下列命令:$ORACLE_HOME/bin/orapki wallet create -wallet /u01/app/wallet_dir -pwd <Replace With Your Password> -auto_login $ORACLE_HOME/bin/orapki wallet display -wallet /u01/app/wallet_dir $ORACLE_HOME/bin/orapki wallet add -wallet /u01/app/wallet_dir -pwd <Replace With Your Password> -dn "CN=racnode-scan.sub12161926541.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US" -keysize 2048 -self_signed -validity 365 $ORACLE_HOME/bin/orapki wallet add -wallet /u01/app/wallet_dir -pwd <Replace With Your Password> -dn "CN=racnode-scan,OU=ST,O=Oracle,ST=California,C=US" -keysize 2048 -self_signed -validity 365 $ORACLE_HOME/bin/orapki wallet display -wallet /u01/app/wallet_dir [grid@racnode1 ~]$ $ORACLE_HOME/bin/orapki wallet display -wallet /u01/app/wallet_dir Oracle PKI Tool Release 23.0.0.0.0 - Production Version 23.0.0.0.0 Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved. Requested Certificates: User Certificates: Subject: CN=racnode-scan.sub12161926541.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US Subject: CN=racnode-scan,OU=ST,O=Oracle,ST=California,C=US Trusted Certificates: Subject: CN=racnode-scan,OU=ST,O=Oracle,ST=California,C=US Subject: CN=racnode-scan.sub12161926541.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US - 在「連線管理程式」主機上建立公事包和自行簽署的憑證。當您將 Oracle Notification Server 代理主機設定為在 CMAN 環境上執行並與 CMAN 和 RAC 節點上執行的 Oracle Notification Server 伺服器通訊時,需要 SSL 憑證以確保通訊安全。
附註:
根據您的環境密碼原則變更密碼。 - 下列為使用 SSL 憑證設定 Oracle Notification Server 代理主機的逐步程序。以
root使用者身分執行下列指令:mkdir -p /u01/app/oracle/wallet_dir chown oracle:oinstall /u01/app/oracle/wallet_dir chmod 750 /u01/app/oracle/wallet_dir以oracle使用者身分執行下列命令:$ORACLE_HOME/bin/orapki wallet create -wallet /u01/app/oracle/wallet_dir -pwd <Replace With Your Password> -auto_login $ORACLE_HOME/bin/orapki wallet display -wallet /u01/app/oracle/wallet_dir以oracle使用者身分建立自行簽署的憑證:$ORACLE_HOME/bin/orapki wallet add -wallet /u01/app/oracle/wallet_dir -pwd <Replace With Your Password> "CN=cman-host.sub12161926540.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US" -keysize 2048 -self_signed -validity 365 $ORACLE_HOME/bin/orapki wallet add -wallet /u01/app/oracle/wallet_dir -pwd REPLACE WITH YOUR PASSWORD> -dn "CN=cman-host,OU=ST,O=Oracle,ST=California,C=US" -keysize 2048 -self_signed -validity 365建立公事包之後,將公事包顯示為oracle使用者。您還看不到任何項目,因為憑證未建立 。[oracle@cman-host ~] $ $ORACLE_HOME/bin/orapki wallet display -wallet /u01/app/oracle/wallet_dir Oracle PKI Tool Release 23.0.0.0.0 - Production Version 23.0.0.0.0 Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved. Requested Certificates: User Certificates: Subject: CN=cman-host.sub12161926540.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US Subject: CN=cman-host,OU=ST,O=Oracle,ST=California,C=US Trusted Certificates: Subject: CN=cman-host,OU=ST,O=Oracle,ST=California,C=US Subject: CN=cman-host.sub12161926540.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US - 在 Google Cloud 的用戶端機器上建立公事包和自行簽署憑證。由於 CMAN 主機上的 Oracle Notification Server 代理主機設定了 SSL 公事包,因此用戶端機器也必須設定一個含有自行簽署 SSL 憑證的公事包,以建立安全連線。在此情況下,您的用戶端主機上已安裝 Oracle 用戶端,可提供建立與管理公事包所需的工具。以
root使用者身分執行下列指令:mkdir -p /u01/app/client/wallet_dir chown oracle:oinstall /u01/app/client/wallet_dir chmod 750 /u01/app/client/wallet_dir以oracle使用者身分執行下列命令:$ORACLE_HOME/bin/orapki wallet create -wallet /u01/app/client/wallet_dir -pwd <Replace With Your Password>-auto_login $ORACLE_HOME/bin/orapki wallet display -wallet /u01/app/client/wallet_dir以oracle使用者身分建立自行簽署的憑證:$ORACLE_HOME/bin/orapki wallet add -wallet /u01/app/client/wallet_dir -pwd <Replace With Your Password> -dn "CN=client-host.c.oraoperator-on-gke.internal,OU=ST,O=Oracle,ST=California,C=US" -keysize 2048 -self_signed -validity 365 $ORACLE_HOME/bin/orapki wallet add -wallet /u01/app/client/wallet_dir -pwd <Replace With Your Password>-dn "CN=client-host,OU=ST,O=Oracle,ST=California,C=US" -keysize 2048 -self_signed -validity 365建立公事包之後,將公事包顯示為oracle使用者。您還看不到任何項目,因為憑證未建立 。[oracle@client-host ~]$ $ORACLE_HOME/bin/orapki wallet display -wallet /u01/app/client/wallet_dir Oracle PKI Tool Release 23.0.0.0.0 - Production Version 23.0.0.0.0 Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved. Requested Certificates: User Certificates: Subject: CN=client-host.c.oraoperator-on-gke.internal,OU=ST,O=Oracle,ST=California,C=US Subject: CN=client-host,OU=ST,O=Oracle,ST=California,C=US Trusted Certificates: Subject: CN=client-host.c.oraoperator-on-gke.internal,OU=ST,O=Oracle,ST=California,C=US Subject: CN=client-host,OU=ST,O=Oracle,ST=California,C=US - 在 Oracle RAC 上設定公事包和 SSL 憑證,並使用下列程序設定 CMAN 和從屬端機器、在連線管理程式上匯出自行簽署的憑證,以及使用 Oracle RAC Node 1:以
grid使用者身分在 Oracle RAC 節點 1 上執行下列命令:$ORACLE_HOME/bin/orapki wallet export -wallet /u01/app/wallet_dir -pwd <Replace With Your Password> -dn "CN=racnode-scan,OU=ST,O=Oracle,ST=California,C=US" -cert "/tmp/scan_app1.crt" $ORACLE_HOME/bin/orapki wallet export -wallet /u01/app/wallet_dir -pwd <Replace With Your Password> -dn "CN=racnode-scan.sub12161926541.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US" -cert "/tmp/scan_app2.crt"以oracle使用者身分在 Oracle RAC 節點 1 上執行下列命令:$ORACLE_HOME/bin/orapki wallet export -wallet /u01/app/oracle/wallet_dir -pwd <Replace With Your Password> -dn "CN=cman-host,OU=ST,O=Oracle,ST=California,C=US" -cert "/tmp/cman1.crt" $ORACLE_HOME/bin/orapki wallet export -wallet /u01/app/oracle/wallet_dir -pwd <Replace With Your Password> -dn "CN=cman-host.sub12161926540.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US" -cert "/tmp/cman2.crt" - 匯出憑證之後,請匯入憑證,讓 CMAN Oracle Notification Server 代理主機可與 Oracle RAC Oracle Notification Server 交握式確認。將「連線管理程式」公事包複製到 Oracle RAC Node 1 並匯入憑證:
scp /tmp/cman* grid@racnode1.sub12161926541.onsproxyvcn.oraclevcn.com:/tmp/ $ORACLE_HOME/bin/orapki wallet add -wallet /u01/app/wallet_dir -pwd <Replace With Your Password> -trusted_cert -cert /tmp/cman1.crt $ORACLE_HOME/bin/orapki wallet add -wallet /u01/app/wallet_dir -pwd <Replace With Your Password> -trusted_cert -cert /tmp/cman2.crt將公事包從 Oracle RAC Node1 複製到 CMAN 主機,然後匯入憑證:scp grid@racnode1.sub12161926541.onsproxyvcn.oraclevcn.com:/tmp/scan_app* /tmp/ $ORACLE_HOME/bin/orapki wallet add -wallet /u01/app/oracle/wallet_dir -pwd <Replace With Your Password> -trusted_cert -cert /tmp/scan_app1.crt $ORACLE_HOME/bin/orapki wallet add -wallet /u01/app/oracle/wallet_dir -pwd <Replace With Your Password> -trusted_cert -cert /tmp/scan_app2.crt - 將公事包從 Oracle RAC 節點 1 複製到 Oracle RAC 節點 2:在 Oracle RAC Node 1 上以
root使用者身分執行下列命令:mkdir -p /u01/app/wallet_dir chown grid:oinstall /u01/app/wallet_dir chmod 750 /u01/app/wallet_dirscp grid@racnode1.sub12161926541.onsproxyvcn.oraclevcn.com:/u01/app/wallet_dir/* /u01/app/wallet_dir在 Oracle RAC Node 1 上以grid使用者身分執行下列命令:[grid@racnode1 ~]$ $ORACLE_HOME/bin/orapki wallet display -wallet /u01/app/wallet_dir Oracle PKI Tool Release 23.0.0.0.0 - Production Version 23.0.0.0.0 Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved. Requested Certificates: User Certificates: Subject: CN=racnode-scan.sub12161926541.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US Subject: CN=racnode-scan,OU=ST,O=Oracle,ST=California,C=US Trusted Certificates: Subject: CN=racnode-scan,OU=ST,O=Oracle,ST=California,C=US Subject: CN=cman-host,OU=ST,O=Oracle,ST=California,C=US Subject: CN=cman-host.sub12161926540.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US Subject: CN=racnode-scan.sub12161926541.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US [grid@racnode2 ~]$ $ORACLE_HOME/bin/orapki wallet display -wallet /u01/app/wallet_dir Oracle PKI Tool Release 23.0.0.0.0 - Production Version 23.0.0.0.0 Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved. Requested Certificates: User Certificates: Subject: CN=racnode-scan.sub12161926541.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US Subject: CN=racnode-scan,OU=ST,O=Oracle,ST=California,C=USTrusted Certificate Subject: CN=racnode-scan,OU=ST,O=Oracle,ST=California,C=US Subject: CN=cman-host,OU=ST,O=Oracle,ST=California,C=US Subject: CN=cman-host.sub12161926540.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US Subject: CN=racnode-scan.sub12161926541.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US - 請依照下列步驟,將 Google Cloud 中的用戶端機器公事包複製到 OCI 上的 CMAN 機器:執行下列命令以匯出
client-host機器上的公事包:$ORACLE_HOME/bin/orapki wallet export -wallet /u01/app/client/wallet_dir -pwd <Replace With Your Password> -dn "CN=client-host,OU=ST,O=Oracle,ST=California,C=US" -cert "/tmp/cert_app1.crt" $ORACLE_HOME/bin/orapki wallet export -wallet /u01/app/client/wallet_dir -pwd <Replace With Your Password> -dn "CN=client-host.c.oraoperator-on-gke.internal,OU=ST,O=Oracle,ST=California,C=US" -cert "/tmp/cert_app2.crt"將公事包從client-host複製到/tmp目錄下的cman-host:scp -i /tmp/gcp oracle@client-host.c.oraoperator-on-gke.internal:/tmp/cert_app* /tmp/將 CMAN 公事包從cman-host複製到/tmp目錄下的client-host:scp -i /tmp/gcp /tmp/cman* oracle@client-host.c.oraoperator-on-gke.internal:/tmp/ - 執行下列命令以匯入
cman-host機器上client-host的公事包:$ORACLE_HOME/bin/orapki wallet add -wallet /u01/app/oracle/wallet_dir -pwd <Replace With Your Password> -trusted_cert -cert /tmp/cert_app1.crt $ORACLE_HOME/bin/orapki wallet add -wallet /u01/app/oracle/wallet_dir -pwd <Replace With Your Password> -trusted_cert -cert /tmp/cert_app2.crt [oracle@cman-host ~]$ $ORACLE_HOME/bin/orapki wallet display -wallet /u01/app/oracle/wallet_dirOracle PKI Tool Release 23.0.0.0.0 - Production Version 23.0.0.0.0 Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved. Requested Certificates: User Certificates: Subject: CN=cman-host,OU=ST,O=Oracle,ST=California,C=US Subject: CN=cman-host.sub12161926540.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US Trusted Certificates: Subject: CN=client-host.c.oraoperator-on-gke.internal,OU=ST,O=Oracle,ST=California,C=US Subject: CN=racnode-scan.sub12161926541.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US Subject: CN=cman-host,OU=ST,O=Oracle,ST=California,C=US Subject: CN=cman-host.sub12161926540.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US Subject: CN=racnode-scan,OU=ST,O=Oracle,ST=California,C=US Subject: CN=client-host,OU=ST,O=Oracle,ST=California,C=US執行下列命令,將cman-host的公事包匯入client-host機器:$ORACLE_HOME/bin/orapki wallet add -wallet /u01/app/client/wallet_dir -pwd <Replace With Your Password> -trusted_cert -cert /tmp/cman1.crt $ORACLE_HOME/bin/orapki wallet add -wallet /u01/app/client/wallet_dir -pwd <Replace With Your Password> -trusted_cert -cert /tmp/cman2.crt [oracle@client-host ~]$ $ORACLE_HOME/bin/orapki wallet display -wallet /u01/app/client/wallet_dir Oracle PKI Tool Release 23.0.0.0.0 - Production Version 23.0.0.0.0 Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved. Requested Certificates: User Certificates: Subject: CN=client-host.c.oraoperator-on-gke.internal,OU=ST,O=Oracle,ST=California,C=US Subject: CN=client-host,OU=ST,O=Oracle,ST=California,C=USTrusted Certificates: Subject: CN=cman-host,OU=ST,O=Oracle,ST=California,C=US Subject: CN=client-host.c.oraoperator-on-gke.internal,OU=ST,O=Oracle,ST=California,C=US Subject: CN=cman-host.sub12161926540.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US Subject: CN=client-host,OU=ST,O=Oracle,ST=California,C=US - 在 Oracle RAC 節點上設定 Oracle Notification Server 。以
grid使用者身分執行下列命令,不允許公事包中與 CN 不相符的連線與 Oracle Notification Server ,並只允許連線至信任的從屬端。$ORACLE_HOME/bin/crsctl modify res ora.ons -attr "ALLOW_UNSECURE_SUBSCRIBER=no" -unsupported $ORACLE_HOME/bin/srvctl modify nodeapps -clientdata /u01/app/wallet_dir/cwallet.sso $ORACLE_HOME/opmn/bin/onsctl reload執行此命令以grid使用者身分檢查 Oracle RAC Node 1 和 Oracle RAC Node 2 的組態:[grid@racnode1 ~]$ cat /u01/app/23.0.0.0/grid/opmn/conf/ons.config.racnode1 usesharedinstall=true allowgroup=true localport=6100 # line added by Agent remoteport=6200 # line added by Agent nodes=racnode1-priv:6200,racnode2-priv:6200 # line added by Agent walletfile=/u01/app/grid/crsdata/racnode1/onswallet/ # line added by Agent allowunsecuresubscriber=no # line added by Agent [grid@racnode2 ~]$ cat /u01/app/23.0.0.0/grid/opmn/conf/ons.config.racnode2 usesharedinstall=true allowgroup=true localport=6100 # line added by Agent remoteport=6200 # line added by Agent nodes=racnode1-priv:6200,racnode2-priv:6200 # line added by Agent walletfile=/u01/app/grid/crsdata/racnode2/onswallet/ # line added by Agent allowunsecuresubscriber=no # line added by Agent執行此命令,以grid使用者身分檢查 Oracle RAC 節點上的公事包。[grid@racnode1 ~]$ $ORACLE_HOME/bin/orapki wallet display -wallet /u01/app/grid/crsdata/racnode1/onswallet Oracle PKI Tool Release 23.0.0.0.0 - Production Version 23.0.0.0.0 Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved. Requested Certificates: User Certificates: Subject: CN=racnode-scan.sub12161926541.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US Subject: CN=racnode-scan,OU=ST,O=Oracle,ST=California,C=USTrusted Certificates: Subject: CN=racnode-scan,OU=ST,O=Oracle,ST=California,C=US Subject: CN=cman-host,OU=ST,O=Oracle,ST=California,C=US Subject: CN=cman-host.sub12161926540.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US Subject: CN=racnode-scan.sub12161926541.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US [grid@racnode2 ~]$ $ORACLE_HOME/bin/orapki wallet display -wallet /u01/app/grid/crsdata/racnode2/onswallet Oracle PKI Tool Release 23.0.0.0.0 - Production Version 23.0.0.0.0 Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved. Requested Certificates: User Certificates: Subject: CN=racnode-scan.sub12161926541.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US ubject: CN=racnode-scan,OU=ST,O=Oracle,ST=California,C=USTrusted Certificates: Subject: CN=racnode-scan,OU=ST,O=Oracle,ST=California,C=US Subject: CN=cman-host,OU=ST,O=Oracle,ST=California,C=US Subject: CN=cman-host.sub12161926540.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US Subject: CN=racnode-scan.sub12161926541.onsproxyvcn.oraclevcn.com,OU=ST,O=Oracle,ST=California,C=US
- 在 Oracle RAC 節點上建立 Oracle wallet 和自行簽署的憑證。以
- 在「連線管理程式」主機上設定 Oracle Notification Server 代理主機。使用下列內容建立
$ORACLE_HOME/opmn/conf/onsproxy.properties檔案:setConfigHome: /u01/app/oracle/product/23ai/client_1 debug: true addConfig: localport=6100 addConfig: remoteport=6200 addConfig: walletfile=/u01/app/oracle/wallet_dir addNetwork: nodes.aaa=10.0.1.13:6200,10.0.1.95:6200|walletfile=/u01/app/oracle/wallet_dir/cwallet.sso addSubscription: ("eventType=database/event/service") addSubscription: ("eventType=database/event/host")使用下列內容建立$ORACLE_HOME/opmn/conf/ons.config:# Generated by ONS Proxy allowpublish=127.0.0.1,::1 extendedsecurityheader=tenant_id allowunsecuresubscriber=false walletfile=/u01/app/oracle/wallet_dir localport=6100 remoteport=6400 =strict - 檢查在資料庫建立的連線。檢查在
cman-host上啟動 Oracle Notification Server 代理主機時,在資料庫端建立的連線。 - 使用從屬端主機機器名稱更新用戶 ID 。以
SYSDBA權限登入SQLPLUS,並在此情況下以「從屬端主機機器」client-host的名稱更新用戶 ID 。 - 以
SYSDBA權限登入SQLPLUS,然後以從屬端主機機器的名稱 (例如client-host) 更新用戶 ID 。附註:
請確定它與從屬端公事包 CN 中使用的名稱相符。SQL> alter session set container=ORCLPDB; Session altered SQL> alter pluggable database orclpdb tenant_id = 'client-host'; Pluggable database altered. SQL> select con_id, name, tenant_id from v$pdbs where name = 'ORCLPDB'; CON_ID NAME TENANT_ID ---------- ------------- ------------------------ 3 ORCLPDB client-host
建立 Oracle RAC 資料庫服務
建立 Oracle RAC 資料庫服務,並測試從 Oracle RAC 主機到 Oracle RAC 資料庫的連線。在從屬端機器上啟動應用程式,使用 Oracle RAC 與 Oracle Notification Server (在 CMAN 主機上執行) 的 ONS 連線來建立與 Oracle RAC 資料庫的 SQL 連線。模擬資料庫伺服器上的服務啟動和停止事件,並檢查在從屬端收到的 FAN 事件。
請依照下列步驟建立及啟動資料庫服務:
- 以
oracle使用者身分執行下列命令以建立資料庫服務。su - oracle srvctl add service -d ORCLCDB_8p7_phx -preferred ORCLCDB1,ORCLCDB2 -s raconssvc2 -pdb ORCLPDB -notification TRUE - 執行下列命令來啟動資料庫服務:
[oracle@racnode1 ~]$ srvctl start service -d ORCLCDB_8p7_phx -s raconssvc2 - 執行下列命令以重設
system使用者的密碼。根據您的環境原則使用 <PASSWORD>:SQL> alter user system identified by <PASSWORD>;User altered. - 請依照下列步驟,從
cman-host機器連線至資料庫:[oracle@cman-host ~]$ $ORACLE_HOME/bin/sqlplus system/<PASSWORD>@//cman-host.sub12161926540.onsproxyvcn.oraclevcn.com:1521/raconssvc2.sub12161926541.onsproxyvcn.oraclevcn.com SQL*Plus: Release 23.0.0.0.0 - for Oracle Cloud and Engineered Systems on Thu Dec 19 01:49:12 2024 Version 23.5.0.24.07 Copyright (c) 1982, 2024, Oracle. All rights reserved. Last Successful login time: Wed Dec 18, 2024, 00:59:27 +00:00 Connected to:Oracle Database 23ai EE Extreme Perf Release 23.0.0.0.0 - for Oracle Cloud and Engineered Systems Version 23.6.0.24.10 SQL> - 請依照下列步驟,從
client-host機器連線至資料庫:[oracle@client-host ~]$ $ORACLE_HOME/bin/sqlplus system//<PASSWORD>@//cman-host.sub12161926540.onsproxyvcn.oraclevcn.com:1521/raconssvc2.sub12161926541.onsproxyvcn.oraclevcn.com附註:
繼續下一個步驟之前,請先確定連線成功。
在從屬端主機上設定 fanWatcher
請遵循下列步驟,在用戶端主機機器上配置
FANWatcher:
- 複製
fanWatcher程式碼並將其暫存至/tmp/app資料夾下的client-host機器。[oracle@client-host response]$ mkdir /tmp/app [oracle@client-host response]$ export CLASSPATH="/tmp/app:$ORACLE_HOME/opmn/lib/ons.jar:$ORACLE_HOME/jlib/oraclepki.jar:$ORACLE_HOME/jlib/osdt_core.jar:$ORACLE_HOME/jlib/osdt_cert.jar:$ORACLE_HOME/jdbc/lib/ojdbc8.jar:." [oracle@client-host ~]$ cd /tmp/app/ [oracle@client-host app]$ ls -rlt total 8 -rw-r--r--. 1 oracle oinstall 6434 Dec 17 21:00 fanWatcher.java - 設定
fanWatcher.java檔案。[oracle@client-host app]$ javac fanWatcher.java Note: fanWatcher.java uses or overrides a deprecated API. Note: Recompile with -Xlint:deprecation for details. [oracle@client-host app]$[oracle@client-host app]$ [oracle@client-host app]$ export user=system [oracle@client-host app]$ export password=<PASSWORD> [oracle@client-host app]$ export url='jdbc:oracle:thin:@cman-host.sub12161926540.onsproxyvcn.oraclevcn.com:1521/raconssvc2' [oracle@client-host app]$ $ORACLE_HOME/jdk/bin/java -Doracle.ons.walletfile=/u01/app/client/wallet_dir -classpath ${CLASSPATH} fanWatcher "nodes=cman-host.sub12161926540.onsproxyvcn.oraclevcn.com:6200" Subscribing to events of type: Opening FAN Subscriber Window ...