11gR2 RAC启用iptables导致节点宕机问题处理_2

背景:

阅读新闻

11gR2 RAC启用iptables导致节点宕机问题处理

[日期:2013-08-20]

来源:Linux社区

作者:hw_libo

[字体:大 中 小]

通常,在安装数据库时,绝大多数都是要求把selinux及iptables关闭,然后再进行安装的。但是在运营商的系统中,很多安全的因素,需要将现网的数据库主机上的iptables开启的。

在开启iptables时就要注意了,比如一RAC中的hosts配置如下:

192.168.142.115 subsdb1

192.168.142.117 subsdb1-vip

10.0.0.115 subsdb1-priv

192.168.142.116 subsdb2

192.168.142.118 subsdb2-vip

10.0.0.116 subsdb2-priv

192.168.142.32 db-scan

那么理所当然的要将上面的IP都要放通的。但是在实际操作中,已经放通了上面的IP,结果数据库一的个实例宕掉了。

看看数据库的alert日志:

Tue Aug 20 00:29:40 2013

IPC Send timeout detected. Sender: ospid 8284 [Oracle@subsdb2 (LMD0)]

Receiver: inst 1 binc 1740332689 ospid 15851

IPC Send timeout to 1.0 inc 10 for msg type 65521 from opid 12

Tue Aug 20 00:29:48 2013

IPC Send timeout detected. Sender: ospid 8276 [oracle@subsdb2 (PING)]

Receiver: inst 2 binc 1801834534 ospid 8276

Tue Aug 20 00:29:52 2013

Detected an inconsistent instance membership by instance 2

Errors in file /oracle/app/oracle/diag/rdbms/gdordb/GDORDB2/trace/GDORDB2_lmon_8282.trc (incident=784092):

ORA-29740: evicted by instance number 2, group incarnation 12

Incident details in: /oracle/app/oracle/diag/rdbms/gdordb/GDORDB2/incident/incdir_784092/GDORDB2_lmon_8282_i784092.trc

Use ADRCI or Support Workbench to package the incident.

See Note 411.1 at My Oracle Support for error and packaging details.

Errors in file /oracle/app/oracle/diag/rdbms/gdordb/GDORDB2/trace/GDORDB2_lmon_8282.trc:

ORA-29740: evicted by instance number 2, group incarnation 12

LMON (ospid: 8282): terminating the instance due to error 29740

Tue Aug 20 00:29:54 2013

ORA-1092 : opitsk aborting process

Tue Aug 20 00:29:54 2013

License high water mark=29

Tue Aug 20 00:29:57 2013

System state dump requested by (instance=2, osid=8282 (LMON)), summary=[abnormal instance termination].

System State dumped to trace file /oracle/app/oracle/diag/rdbms/gdordb/GDORDB2/trace/GDORDB2_diag_8272.trc

Instance terminated by LMON, pid=8282

USER (ospid: 31106): terminating the instance

Instance terminated by USER, pid=31106

单纯从上面来看,初步可以断定是内部通信有问题,但是如何解决?

但再从数据库的alert和ASM实例的alert日志中都有这样的信息:

Private Interface 'bond2:1' configured from GPnP for use as a private interconnect.

[name='bond2:1', type=1, ip=169.254.148.209, mac=00-25-b5-00-00-67, net=169.254.0.0/16, mask=255.255.0.0, use=haip:cluster_interconnect/62]

Public Interface 'bond0' configured from GPnP for use as a public interface.

[name='bond0', type=1, ip=192.168.142.116, mac=00-25-b5-00-01-cb, net=192.168.142.0/24, mask=255.255.255.0, use=public/1]

Picked latch-free SCN scheme 3

从这个信息来看,RAC的内部通信还要用到net=169.254.0.0/16的IP,再从MOS Doc ID 1383737.1也有这样的说明,最后用ifconfig查到了RAC的两个节点中使用到的169网段的IP为:

169.254.122.59

169.254.148.209

在iptables中放通了这两个IP后,集群正常。

推荐阅读:

iptables—包过滤(网络层)防火墙 http://www.linuxidc.com/Linux/2013-08/88423.htm

Linux防火墙iptables详细教程 http://www.linuxidc.com/Linux/2013-07/87045.htm

iptables+L7+Squid实现完善的软件防火墙 http://www.linuxidc.com/Linux/2013-05/84802.htm

更多Oracle相关信息见Oracle 专题页面 http://www.linuxidc.com/topicnews.aspx?tid=12

Oracle undo 镜像数据探究

调整Oracle数据库中表字段的顺序

相关资讯

IpTables 11gR2 RAC

iptables 用法及常用模块总结 (今 13:22)

Centos7.2 启用iptables (09月09日)

Linux iptables 端口转发 (07月03日)

CentOS7安装iptables防火墙 (10月01日)

CentOS 7中使用iptables (08月07日)

iptables+rsyslog(syslog)+ (07月02日)

本文评论

查看全部评论 (0)

表情:

姓名:

匿名

字数

同意评论声明

评论声明

尊重网上道德,遵守中华人民共和国的各项有关法律法规

承担一切因您的行为而直接或间接导致的民事或刑事法律责任

本站管理人员有权保留或删除其管辖留言中的任意内容

本站有权在网站内转载或引用您的评论

参与本评论即表明您已经阅读并接受上述条款

最新资讯

iptables 用法及常用模块总结

Python进程及线程编程

CentOS 7.2编译安装MariaDB-10.0.xx

CentOS 7.2使用yum安装MariaDB10.1

CentOS7安装通用二进制格式MariaDB 10.2.8

Cisco IOS Software拒绝服务漏洞(CVE-2017

HCNA网络技术心得笔记

在VMware Workstation 12虚拟机中运行

Linux下的crontab定时执行任务命令详解

如何在AIX中启动HACMP

背景:

阅读新闻

调整Oracle数据库中表字段的顺序

[日期:2013-08-20]

来源:Linux社区

作者:binbinxyz

[字体:大 中 小]

第一步,从数据字典视图查询出表的id

select object_id from all_objects where owner='SUNYARD' and object_name='TBL_WDC_INF';

第二步,通过id查出该表中所有字段的顺序

select obj#,col#,name from sys.col$ where obj#=89677;

第三步,更新字段的顺序

update sys.col$ set col#=0 where obj#=89677 and name='SN';

update sys.col$ set col#=7 where obj#=89677 and name='ANSWERCODE';

update sys.col$ set col#=9 where obj#=89677 and name='STATUS';

update sys.col$ set col#=4 where obj#=89677 and name='TOACCNO';

update sys.col$ set col#=3 where obj#=89677 and name='ACCNO';

update sys.col$ set col#=8 where obj#=89677 and name='CHECKCODE';

update sys.col$ set col#=5 where obj#=89677 and name='AMOUNT';

update sys.col$ set col#=2 where obj#=89677 and name='MERCHANTID';

update sys.col$ set col#=1 where obj#=89677 and name='SN';

注意:上述更新需要DBA权限

更多Oracle相关信息见Oracle 专题页面 http://www.linuxidc.com/topicnews.aspx?tid=12

11gR2 RAC启用iptables导致节点宕机问题处理

Oracle特定用户登录失败案例

相关资讯

Oracle调整字段顺序

本文评论

查看全部评论 (0)

表情:

姓名:

匿名

字数

同意评论声明

评论声明

尊重网上道德,遵守中华人民共和国的各项有关法律法规

承担一切因您的行为而直接或间接导致的民事或刑事法律责任

本站管理人员有权保留或删除其管辖留言中的任意内容

本站有权在网站内转载或引用您的评论

参与本评论即表明您已经阅读并接受上述条款

最新资讯

GitHub为MySQL社区贡献了新的在线更改表定

MySQL/MariaDB数据库备份与恢复之mysqlpump

MySQL备份之mydumper入门学习

Oracle官方并行逻辑备份工具mysqlpump

MySQL 5.7 mysqlpump 备份工具说明

MySQL5.7.11 mysqlpump 多线程逻辑备份工具

MySQL 5.6 XtraBackup 全量和增量的备份和

基于XtraBackup 2.3.5 的 MySQL全量备份与

Chrome OS 现可支持简易密码解锁

NSA的代码遭到教授的嘲笑

背景:

阅读新闻

Oracle特定用户登录失败案例

[日期:2013-08-20]

来源:Linux社区

作者:Linux

[字体:大 中 小]

昨晚收到开发的邮件,说使用PL/SQL DEV登录数据库时,出现如下错误,要求处理下:

看到这个错误我也比较郁闷,没碰到过这种情况。于是手工创建了一个测试用户scott,发现远程登录没有问题的。此时考虑应该是数据库中有些用户限制了登录的。再看错误编号:ORA-20001,Oracle保留的异常错误号范围为-20999到-20000,提供给用户自定义异常使用的,这进一步确认了数据库的一些用户被做了限制的。那到底做了哪些限制呢?

通常有两种方法:

(1)在sqlnet.ora文件中配置,比如:

限制IP地址192.168.131.109对数据库的访问

在sqlnet.ora文件中添加如下内容:

tcp.validnode_checking=yes

tcp.invited_nodes=(192.168.130.11)

tcp.excluded_nodes=(192.168.131.109)

第一行的含义:启用IP限制功能;

第二行的含义:允许访问数据库的IP地址列表,多个IP地址使用逗号分开,此例中我们写入数据库服务器的IP地址;

第三行的含义:禁止访问数据库的IP地址列表,多个IP地址使用逗号分开,此处我们写入欲限制的IP地址192.168.131.109。

然后重启监听生效。

(2)使用trigger

在trigger中定义,哪些IP及哪些用户能够远程登录数据库。

说明:使用profile是不能做到限制IP登录的。

很明显,方法(1)不能自定义错误号:ORA-20001,而使用方法(2)trigger中可以定义错误号,很有可能使用的是trigger,于是查看:

select t.owner,t.trigger_name,t.triggering_event,t.table_owner,t.status,t.trigger_body,t.description from dba_triggers t where t.triggering_event like '%LOGON%';

果然是使用trigger限制登录IP及用户的。

trigger_body:

DECLARE

ipaddr VARCHAR2(30);

BEGIN

SELECT sys_context('userenv', 'ip_address') INTO ipaddr FROM dual;

IF ipaddr not in ('192.168.131.54','192.168.131.55','192.168.131.97','192.168.131.60','192.168.131.61','192.168.131.63','192.168.131.64','192.168.131.62','192.168.131.65','192.168.131.95','192.168.131.57','192.168.131.58','192.168.131.59','192.168.131.94','192.168.131.93','192.168.105.94','192.168.105.95','192.168.105.96','192.168.105.98','192.168.105.99','192.168.105.65') THEN

raise_application_error('-20001', 'You can not login,Please contact administrator');

END IF;

END disablelogin_userdb1;

最后给出的建议:

可以以mtdb(另一个用户,没有做限制)登录 访问加用户前缀,或者去除触发器(不建议)。

更多Oracle相关信息见Oracle 专题页面 http://www.linuxidc.com/topicnews.aspx?tid=12

调整Oracle数据库中表字段的顺序

Oracle 11.2.0.3.7 PSU补丁升级

相关资讯

Oracle用户登录 Oracle登录失败

Oracle 用户登录密码错误次数修改 (今 16:41)

Oracle取消用户连续登录失败次数限 (08/17/2016 21:00:28)

本文评论

查看全部评论 (0)

表情:

姓名:

匿名

字数

同意评论声明

评论声明

尊重网上道德,遵守中华人民共和国的各项有关法律法规

承担一切因您的行为而直接或间接导致的民事或刑事法律责任

本站管理人员有权保留或删除其管辖留言中的任意内容

本站有权在网站内转载或引用您的评论

参与本评论即表明您已经阅读并接受上述条款

最新资讯

Oracle 用户登录密码错误次数修改

RMAN无法删除归档日志

Oracle不使用索引的几种情况列举

rsync+inotify实现数据的实时同步

在VMware Fusion 5 虚拟机里运行Hyper-V

部署AlwaysOn第二步:配置AlwaysOn,创建可

RedHat7中swappiness配置问题

Oracle临时表空间组

使用SCVMM跨集群迁移虚拟机失败(2904)

Windows Server 2012 NIC Teaming 介绍及注

背景:

阅读新闻

Oracle 11.2.0.3.7 PSU补丁升级

[日期:2013-08-20]

来源:Linux社区

作者:hw_libo

[字体:大 中 小]

说明:这是新上线主机,还没有建库的。如果库已经存在,那么最后还要进行刷库操作呢!

环境:SUSE Linux Enterprise Server 11 sp1 (x86_64)

要求将Oracle数据库从11.2.0.3.0升级到11.2.0.3.7 PSU(最新),补丁为:16619892

p16619892_112030_Linux-x86-64.zip

推荐阅读:Oracle数据库服务器升级内存需要考虑的问题 http://www.linuxidc.com/Linux/2013-05/83809.htm

用oracle用户解压后:

oracle@tb-dinggou3:~/softs> unzip p16619892_112030_Linux-x86-64.zip

oracle@tb-dinggou3:~/softs> ls

16619892 p16619892_112030_Linux-x86-64.zip

oracle@tb-dinggou3:~/softs> cd 16619892/

oracle@tb-dinggou3:~/softs/16619892> ls

13343438 13696216 13923374 14275605 14727310 16056266 16619892 patchmd.xml README.html README.txt

这个PSU对OPatch有要求,要用11.2.0.3.0之后版本的OPatch,这个OPatch的补丁号为6880880。那么就要下载这个OPatch补丁了:

p6880880_112000_Linux-x86-64.zip

然后进行OPatch替换:

oracle@tb-dinggou3:~/softs> cd $ORACLE_HOME

oracle@tb-dinggou3:/opt/oracle/product/11gR2/db> mv OPatch OPatch_bak

oracle@tb-dinggou3:/opt/oracle/product/11gR2/db> unzip p6880880_112000_Linux-x86-64.zip

oracle@tb-dinggou3:/opt/oracle/product/11gR2/db> opatch version

OPatch Version: 11.2.0.3.4

补丁冲突检查:

oracle@tb-dinggou3:~/softs/16619892> opatch prereq CheckConflictAgainstOHWithDetail -ph http://www.linuxidc.com/Linux/2013-08/

Oracle Interim Patch Installer version 11.2.0.3.4

Copyright (c) 2012, Oracle Corporation. All rights reserved.

PREREQ session

Oracle Home : /opt/oracle/product/11gR2/db

Central Inventory : /opt/oraInventory

from : /opt/oracle/product/11gR2/db/oraInst.loc

OPatch version : 11.2.0.3.4

OUI version : 11.2.0.3.0

Log file location : /opt/oracle/product/11gR2/db/cfgtoollogs/opatch/opatch2013-08-20_04-52-55AM_1.log

Invoking prereq "checkconflictagainstohwithdetail"

Prereq "checkConflictAgainstOHWithDetail" passed.

OPatch succeeded.

没有补丁冲突。

补丁应用:

oracle@tb-dinggou3:~/softs/16619892> opatch apply

Oracle Interim Patch Installer version 11.2.0.3.4

Copyright (c) 2012, Oracle Corporation. All rights reserved.

Oracle Home : /opt/oracle/product/11gR2/db

Central Inventory : /opt/oraInventory

from : /opt/oracle/product/11gR2/db/oraInst.loc

OPatch version : 11.2.0.3.4

OUI version : 11.2.0.3.0

Log file location : /opt/oracle/product/11gR2/db/cfgtoollogs/opatch/opatch2013-08-20_04-53-08AM_1.log

Verifying environment and performing prerequisite checks...

OPatch continues with these patches: 13343438 13696216 13923374 14275605 14727310 16056266 16619892

Do you want to proceed? [y|n]

y

User Responded with: Y

All checks passed.

Provide your email address to be informed of security issues, install and

initiate Oracle Configuration Manager. Easier for you if you use your My

Oracle Support Email address/User Name.

Visit http://www.oracle.com/support/policies.html for details.

Email address/User Name:

You have not provided an email address for notification of security issues.

Do you wish to remain uninformed of security issues ([Y]es, [N]o) [N]: y

Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.

(Oracle Home='/opt/oracle/product/11gR2/db')

Is the local system ready for patching? [y|n]

y

User Responded with: Y

Backing up files...

Applying sub-patch '13343438' to OH '/opt/oracle/product/11gR2/db'

Patching component oracle.rdbms.rsf, 11.2.0.3.0...

Patching component oracle.rdbms, 11.2.0.3.0...

Patching component oracle.rdbms.dbscripts, 11.2.0.3.0...

Verifying the update...

Applying sub-patch '13696216' to OH '/opt/oracle/product/11gR2/db'

Patching component oracle.rdbms.rsf, 11.2.0.3.0...

Patching component oracle.rdbms, 11.2.0.3.0...

Patching component oracle.sdo.locator, 11.2.0.3.0...

Patching component oracle.sysman.console.db, 11.2.0.3.0...

Patching component oracle.sysman.oms.core, 10.2.0.4.4...

Verifying the update...

Applying sub-patch '13923374' to OH '/opt/oracle/product/11gR2/db'

ApplySession: Optional component(s) [ oracle.network.cman, 11.2.0.3.0 ] not present in the Oracle Home or a higher version is found.

Patching component oracle.rdbms.rsf, 11.2.0.3.0...

Patching component oracle.rdbms, 11.2.0.3.0...

Patching component oracle.rdbms.dbscripts, 11.2.0.3.0...

Patching component oracle.network.rsf, 11.2.0.3.0...

Patching component oracle.network.listener, 11.2.0.3.0...

Patching component oracle.sysman.console.db, 11.2.0.3.0...

Verifying the update...

Applying sub-patch '14275605' to OH '/opt/oracle/product/11gR2/db'

ApplySession: Optional component(s) [ oracle.precomp.lang, 11.2.0.3.0 ] not present in the Oracle Home or a higher version is found.

Patching component oracle.network.client, 11.2.0.3.0...

Patching component oracle.network.rsf, 11.2.0.3.0...

Patching component oracle.precomp.common, 11.2.0.3.0...

Patching component oracle.rdbms, 11.2.0.3.0...

Patching component oracle.rdbms.dbscripts, 11.2.0.3.0...

Patching component oracle.rdbms.rman, 11.2.0.3.0...

Patching component oracle.rdbms.rsf, 11.2.0.3.0...

Patching component oracle.rdbms.util, 11.2.0.3.0...

Verifying the update...

Applying sub-patch '14727310' to OH '/opt/oracle/product/11gR2/db'

Patching component oracle.rdbms, 11.2.0.3.0...

Patching component oracle.rdbms.dbscripts, 11.2.0.3.0...

Patching component oracle.rdbms.rsf, 11.2.0.3.0...

Patching component oracle.sdo.locator, 11.2.0.3.0...

Patching component oracle.sysman.console.db, 11.2.0.3.0...

Patching component oracle.sysman.oms.core, 10.2.0.4.4...

Verifying the update...

Applying sub-patch '16056266' to OH '/opt/oracle/product/11gR2/db'

ApplySession: Optional component(s) [ oracle.network.cman, 11.2.0.3.0 ] not present in the Oracle Home or a higher version is found.

Patching component oracle.network.listener, 11.2.0.3.0...

Patching component oracle.network.rsf, 11.2.0.3.0...

Patching component oracle.ovm, 11.2.0.3.0...

Patching component oracle.rdbms, 11.2.0.3.0...

Patching component oracle.rdbms.rman, 11.2.0.3.0...

Patching component oracle.rdbms.rsf, 11.2.0.3.0...

Patching component oracle.sdo.locator, 11.2.0.3.0...

Patching component oracle.rdbms.deconfig, 11.2.0.3.0...

Verifying the update...

Applying sub-patch '16619892' to OH '/opt/oracle/product/11gR2/db'

ApplySession: Optional component(s) [ oracle.precomp.lang, 11.2.0.3.0 ] not present in the Oracle Home or a higher version is found.

Patching component oracle.marvel, 11.2.0.3.0...

Patching component oracle.precomp.common, 11.2.0.3.0...

Patching component oracle.rdbms, 11.2.0.3.0...

Patching component oracle.rdbms.rman, 11.2.0.3.0...

Patching component oracle.rdbms.rsf, 11.2.0.3.0...

Patching component oracle.sysman.agent, 10.2.0.4.3...

Patching component oracle.sysman.console.db, 11.2.0.3.0...

Patching component oracle.sysman.repository.core, 10.2.0.4.4...

Patching component oracle.xdk, 11.2.0.3.0...

Patching component oracle.xdk.parser.java, 11.2.0.3.0...

Patching component oracle.xdk.rsf, 11.2.0.3.0...

Verifying the update...

OPatch found the word "warning" in the stderr of the make command.

Please look at this stderr. You can re-run this make command.

Stderr output:

ins_precomp.mk:19: warning: overriding commands for target `pcscfg.cfg'

/opt/oracle/product/11gR2/db/precomp/lib/env_precomp.mk:2160: warning: ignoring old commands for target `pcscfg.cfg'

/opt/oracle/product/11gR2/db/precomp/lib/ins_precomp.mk:19: warning: overriding commands for target `pcscfg.cfg'

/opt/oracle/product/11gR2/db/precomp/lib/env_precomp.mk:2160: warning: ignoring old commands for target `pcscfg.cfg'

OPatch found the word "warning" in the stderr of the make command.

Please look at this stderr. You can re-run this make command.

Stderr output:

ins_emagent.mk:113: warning: overriding commands for target `nmosudo'

ins_emagent.mk:52: warning: ignoring old commands for target `nmosudo'

/opt/oracle/product/11gR2/db/sysman/lib/ins_emagent.mk:113: warning: overriding commands for target `nmosudo'

/opt/oracle/product/11gR2/db/sysman/lib/ins_emagent.mk:52: warning: ignoring old commands for target `nmosudo'

Composite patch 16619892 successfully applied.

OPatch Session completed with warnings.

Log file location: /opt/oracle/product/11gR2/db/cfgtoollogs/opatch/opatch2013-08-20_04-53-08AM_1.log

OPatch completed with warnings.

12下一页

Oracle特定用户登录失败案例

每个 MySQL 开发者都应该了解的 10 个技巧

相关资讯

Oracle升级 Oracle 11.2.0.3.7

Oracle 10.2.0.1静默安装及升级到 (今 16:15)

Oracle升级中的参数补充 (05月31日)

升级Oracle 11.2.0.1.0到11.2.0.3. (01月12日)

RedHat Linux 5.7下Oracle RAC 10. (12月11日)

Oracle 10g(10.2.0.4)升级到10.2.0 (04月10日)

Oracle 11.2.0.1升级到11.2.0.3 (11/27/2015 09:21:45)

本文评论

查看全部评论 (0)

表情:

姓名:

匿名

字数

同意评论声明

评论声明

尊重网上道德,遵守中华人民共和国的各项有关法律法规

承担一切因您的行为而直接或间接导致的民事或刑事法律责任

本站管理人员有权保留或删除其管辖留言中的任意内容

本站有权在网站内转载或引用您的评论

参与本评论即表明您已经阅读并接受上述条款

最新资讯

Oracle 10.2.0.1静默安装及升级到10.2.0.4

构建高可用集群Keepalived+Haproxy负载均衡

双主MySQL+keepalived高可用配置

CentOS 6.8下部署Zabbix3.0

CentOS 6.8 下载MySQL 5.6 二进制包安装

CentOS 6.8 ftp服务安装配置 基于本地用户

CentOS 6.8 安装JDK1.7

CentOS 6.8 安装Tomcat7

Apache2.2+Mod_jk+Tomcat7集群 负载均衡

PHP编译安装时常见错误解决方法