實現Oracle非1521標準連接埠動態註冊
動態註冊dynamic registry和靜態註冊是Oracle執行個體和監聽器之間建立聯絡的重要方式。從現在趨勢看,預設監聽器+動態註冊已經成為預設Oracle標準配置。在一些情境下,處於安全的原因可能需要修改標準監聽配置和註冊方式。本篇主要介紹如何?非1521連接埠進行動態註冊方法。
1、預設監聽與1521連接埠
Oracle Net Service核心三個設定檔:listener.ora、tnsnames.ora和sqlnet.ora。其中,listener.ora檔案為監聽器相關資訊的設定檔。關於監聽器個人化參數內容,均在該檔案中設定。
在預設安裝情況下,我們一般在$ORACLE_HOME/network/admin目錄中是可以沒有listener.ora檔案的。
[oracle@aaalife admin]$ ls -l
-rw-r-----. 1 oracle oinstall 332 Aug 7 01:44 tnsnames.ora
此時,Oracle會在1521預設連接埠,支援一個預設設定檔的監聽器程式。並且,該程式支援動態註冊功能。
[oracle@aaalife admin]$ lsnrctl start
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 01:08:10
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Starting /u01/app/oracle/product/11.2.0/dbhome_1/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Log messages written to /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date 07-SEP-2015 01:08:10
Uptime 0 days 0 hr. 0 min. 0 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
--此處沒有說明監聽器設定檔路徑。
Listener Log File /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))
The listener supports no services
The command completed successfully
對註冊行為另一端的Oracle執行個體而言,預設情況下Oracle執行個體會進行動態註冊動作,會向1521連接埠監聽的監聽程式進行註冊動作。
[oracle@aaalife admin]$ lsnrctl status
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 01:14:54
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date 07-SEP-2015 01:08:10
Uptime 0 days 0 hr. 6 min. 43 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Log File /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))
Services Summary...
Service "aaadb" has 1 instance(s).
Instance "aaadb", status READY, has 1 handler(s) for this service...
Service "aaadbXDB" has 1 instance(s).
Instance "aaadb", status READY, has 1 handler(s) for this service...
The command completed successfully
2、非預設連接埠監聽器
在一些安全需求情境下,我們會被要求修改監聽連接埠到非1521連接埠,從而避免被掃描入侵。其實,這對於攻擊掃描程式來講,意義不大,因為一般駭客攻擊都會掃描所有連接埠。
如果我們需要修改連接埠號碼,就必須建立專門的listener.ora檔案內容來進行配置。下面內容可以配置一個非標準監聽器程式。
[oracle@aaalife admin]$ cat listener.ora
# listener.ora Network Configuration File: /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
# Generated by Oracle configuration tools.
MY_LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1531))
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1531))
)
)
ADR_BASE_LISTENER = /u01/app/oracle
設定檔中,包括一個1531連接埠的監聽程式。下面查看監聽器情況。
[oracle@aaalife admin]$ lsnrctl start
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 01:27:53
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Starting /u01/app/oracle/product/11.2.0/dbhome_1/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 11.2.0.4.0 - Production
System parameter file is /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Log messages written to /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date 07-SEP-2015 01:27:53
Uptime 0 days 0 hr. 0 min. 0 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))
The listener supports no services
The command completed successfully
預設顯示的還有1521連接埠監聽程式。同時,發現其實當前伺服器上是由兩個監聽器啟動並執行。
[oracle@aaalife admin]$ lsnrctl status listener
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 01:30:13
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date 07-SEP-2015 01:27:53
Uptime 0 days 0 hr. 2 min. 19 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))
Services Summary...
Service "aaadb" has 1 instance(s).
Instance "aaadb", status READY, has 1 handler(s) for this service...
Service "aaadbXDB" has 1 instance(s).
Instance "aaadb", status READY, has 1 handler(s) for this service...
The command completed successfully
[oracle@aaalife admin]$
[oracle@aaalife admin]$ lsnrctl status my_listener
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 01:30:29
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1531)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date 07-SEP-2015 01:17:52
Uptime 0 days 0 hr. 12 min. 37 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1531)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1531)))
The listener supports no services
The command completed successfully
上面資訊顯示出幾個細節:
ü 我們在listener.ora檔案中配置了一個自訂監聽器my_listener,監聽1531連接埠。但是系統當前預設監聽器依然存在,並且可運行,在1521連接埠。my_listener監聽器運行在1531連接埠;
ü Oracle執行個體動態註冊動作是在1521連接埠的監聽程式上進行的,1531連接埠並沒有被註冊;
預設監聽器的問題好解決,只要我們只保留一個監聽即可。那麼,如何讓Oracle執行個體在1531連接埠進行註冊,不在1521連接埠進行註冊呢?
解決的方法就是使用local_listener配置參數。預設情況下,該參數為空白。
SQL> show parameter listener;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
listener_networks string
local_listener string
remote_listener string
該參數用於明確指定Oracle執行個體向哪一個監聽器上進行註冊動作。通常對於非標準連接埠註冊,都需要將註冊監聽資訊修改參數。
SQL> show parameter local
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
local_listener string (ADDRESS_LIST=(Address=(Protoc ol=tcp)(HOST=AAALIFE)(Port=1531)))
log_archive_local_first boolean TRUE
parallel_force_local boolean FALSE
注意:該參數local_listener修改範圍支援both方式,立即生效不需要重新啟動執行個體。
此時,監聽器狀態如下:
[oracle@aaalife dbs]$ lsnrctl status
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 02:32:25
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date 07-SEP-2015 01:27:53
Uptime 0 days 1 hr. 4 min. 32 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))
The listener supports no services
The command completed successfully
[oracle@aaalife dbs]$ lsnrctl status my_listener
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 02:32:33
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1531)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date 07-SEP-2015 01:17:52
Uptime 0 days 1 hr. 14 min. 41 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1531)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1531)))
Services Summary...
Service "aaadb" has 1 instance(s).
Instance "aaadb", status READY, has 1 handler(s) for this service...
Service "aaadbXDB" has 1 instance(s).
Instance "aaadb", status READY, has 1 handler(s) for this service...
The command completed successfully
執行個體向1531連接埠進行動態註冊了,原有1521預設監聽器沒有註冊資訊。
那麼,還有一個問題,就是local_listener設定值。該值採用括號運算式進行書寫,是Oracle Net Service內部使用的一種方式。從管理角度看,這種策略不是很好的方法。我們直接將連接埠編號書寫在資料庫參數中,不但容易泄露部署資訊,而且在發生遷移、變更動作的時候,這種方式也會有一些問題。
所以,Oracle官方支援監聽器別名方法進行配置local_listener。
3、設定監聽器別名
一個很有意思的現象是,在local_listener的配置問題上,MOS和網路同仁們的差異是很大的。MOS官方意見是將監聽器別名設定上,而網路同仁們無一例外的選擇“括號運算式”。
筆者實驗的情況是,直接設定監聽器別名,Oracle是不認可的。
SQL> alter system set local_listener='my_listener' scope=both;
alter system set local_listener='my_listener' scope=both
*
ERROR at line 1:
ORA-02097: parameter cannot be modified because specified value is invalid
ORA-00119: invalid specification for system parameter LOCAL_LISTENER
ORA-00132: syntax error or unresolved network name 'my_listener'
Oracle不能解析my_listener名稱,因為其既不是括號運算式,也不是設定的別名。這裡面就比較奇怪,我們分明已經在listener.ora檔案中定義了名稱。
對00132錯誤,Oracle官方的解釋如下:
[oracle@aaalife admin]$ oerr ora 00132
00132, 00000, "syntax error or unresolved network name '%s'"
// *Cause: Listener address has syntax error or cannot be resolved.
// *Action: If a network name is specified, check that it corresponds
// to an entry in TNSNAMES.ORA or other address repository
// as configured for your system. Make sure that the entry
// is syntactically correct.
Oracle認為在伺服器端的tnsnames.ora檔案中,沒有能夠找到my_listener的對應名稱。Tnsnames.ora是我們儲存本地串連對應名稱的地方,這裡是否意味著說此處的別名,是一定在tnsnames.ora檔案中進行定義。本地命名別名定義我們是熟悉的。監聽器程式別名如何定義?
經過查詢Oracle早期文檔和治療,從一個角落找到定義格式和方法。
[oracle@aaalife admin]$ cat tnsnames.ora# tnsnames.ora Network Configuration File: /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/tnsnames.ora
# Generated by Oracle configuration tools.
MY_LISTENER=
(description=
(address=(protocol=tcp)(host=AAALIFE)(port=1531)))
突發奇想,tnsping命令有解析格式的副作用。是否可以成功呢?
[oracle@aaalife admin]$ tnsping my_listener
TNS Ping Utility for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 20:43:58
Copyright (c) 1997, 2013, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (description= (address=(protocol=tcp)(host=AAALIFE)(port=1531)))
OK (0 msec)
解析成功,起碼格式上沒有大的問題。
SQL> alter system set local_listener='MY_LISTENER' scope=both;
System altered.
SQL> show parameter local;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
local_listener string MY_LISTENER
log_archive_local_first boolean TRUE
parallel_force_local boolean FALSE
啟動手工註冊,查看監聽器狀態。
SQL> alter system register;
System altered.
[oracle@aaalife admin]$ lsnrctl status my_listener
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 20:50:47
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1531)))
STATUS of the LISTENER
------------------------
Alias my_listener
Version TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date 07-SEP-2015 19:48:50
Uptime 0 days 1 hr. 1 min. 59 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/aaalife/my_listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1531)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1531)))
Services Summary...
Service "aaadb" has 1 instance(s).
Instance "aaadb", status READY, has 1 handler(s) for this service...
Service "aaadbXDB" has 1 instance(s).
Instance "aaadb", status READY, has 1 handler(s) for this service...
The command completed successfully
設定成功,監聽器狀態中my_listener作為別名alias出現在狀態資訊中。
4、結論
動態註冊是我們最常用的註冊模式。多個設定檔(Oracle Net Service)、Oracle參數、監聽器設定交織相互作用影響,期間又有網路網卡、網域名稱解析等多因素作用,很容易出現問題故障。多實驗、多測試,可以協助我們抽絲剝繭,逐步深入的瞭解系統,在日常工作中更加遊刃有餘。
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
