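In production environments, the default port of the Oracle RAC listeners usually has to be changed for security reasons. This write-up describes in detail how to change the listener ports in an Oracle RAC environment, including the SCAN listener port and the Listener Ports, to ensure database security and stability.
Such a simple thing: just change the port, from 1521 to 3306!
The problem is that it is not that simple. Only a few individual managers are asking for it, so what to do? The cluster has been running for a long time and hosts many PDBs. What runs on them is not that important, yet it is a lot of small business applications belonging to managers in other departments.
What to do? Set up port translation? Deploy NGINX or HAProxy? Or write a C program to rewrite the TCP/IP packets? Or have operations set up port translation on a router or something similar?
On my previous official account, in 2020, I wrote an article on the Oracle RAC listener chain. As I recall, the SCAN listener can be customized.
DNS name resolution -> SCAN IP -> VIP -> PUBLIC IP,
The SCAN IP has a listener, and the PUBLIC IP has one too. Among the instance parameters there is a remote-listener parameter, called something like REMOTE_LISTENER, which registers the local VIP or PUBLIC IP with a remote listener. That remote listener should be the SCAN listener, and what gets registered should be the local node's VIP, I think.
So I change the port of one of the SCAN IPs to 3306, and it then redirects automatically to port 1521 on the VIP. Then I take that SCAN IP out of DNS resolution and give that SCAN IP exclusively to the manager in question.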
[grid@rac1 ~]$ srvctl config scan_listener
SCAN Listeners for network 1:
Registration invited nodes:
Registration invited subnets:
Endpoints: TCP:1521
SCAN Listener LISTENER_SCAN1 exists
SCAN Listener is enabled.
Here we use LISTENER_SCAN1 for the experiment.
[grid@rac1 ~]$ lsnrctl status LISTENER_SCAN1
LSNRCTL for Linux: Version 11.0.2.0.4 - Production on 08-NOV-2024 01:01:55
Copyright (c) 1991, 2014, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_SCAN1)))
STATUS of the LISTENER
------------------------
Alias LISTENER_SCAN1
Version TNSLSNR for Linux: Version 11.0.2.0.4 - Production
Start Date 07-NOV-2024 04:59:22
Uptime 1024 days 20 hr. 2 min. 33 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/11.2.0/grid/network/admin/listener.ora
Listener Log File /u01/app/grid/diag/tnslsnr/rac1/listener_scan1/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=LISTENER_SCAN1)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.2.115)(PORT=1521)))
Services Summary...
Service "orcl" has 2 instance(s).
Instance "orcl1", status READY, has 1 handler(s) for this service...
Instance "orcl2", status READY, has 1 handler(s) for this service...
Hmm, the instances registered themselves directly with the SCAN listener, so how does the VIP fail over?
# public
192.168.2.111 rac1
192.168.2.112 rac2
# private
10.10.10.1 rac1-priv
10.10.10.2 rac2-priv
# virtual
192.168.2.113 rac1-vip
192.168.2.114 rac2-vip
# scan-ip
192.168.2.115 rac-scan
With a SCAN IP configured, the VIP is a bit redundant... The local listener has the VIP and the PUBLIC IP registered.
[grid@rac1 ~]$ lsnrctl status
LSNRCTL for Linux: Version 11.0.2.0.4 - Production on 08-NOV-2024 01:01:42
Copyright (c) 1991, 2014, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.0.2.0.4 - Production
Start Date 07-NOV-2024 05:00:14
Uptime 365 days 20 hr. 1 min. 28 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/11.2.0/grid/network/admin/listener.ora
Listener Log File /u01/app/grid/diag/tnslsnr/rac1/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.2.111)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.2.113)(PORT=1521)))
Services Summary...
Service "+ASM" has 1 instance(s).
Instance "+ASM1", status READY, has 1 handler(s) for this service...
Service "orcl" has 1 instance(s).
Instance "orcl1", status READY, has 1 handler(s) for this service...
The command completed successfully
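Never mind, everything is going to be moved to domestic products anyway. Poor Oracle, it is time to say goodbye! Oracle is really good. In my 20 years of work, the other thing I have said goodbye to is Delphi. That is how IT is: a young person's trade, where technology becomes obsolete too fast. Development is not easy either, with all sorts of frameworks and architectures.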
[grid@rac1 ~]$ srvctl modify scan_listener -p 3306
Only the SCAN listener port needs to be changed. The local listener port remains 1521.
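A way to verify the result after the srvctl change, as an added example that is not part of the original post: the script parses lsnrctl status output and checks that the listener's TCP endpoint is on the expected port and that instances are still registered as READY. The function names and the sample output are constructed for illustration; a SCAN listener that has moved to the new port but shows no READY instances means the instances have not registered at the new endpoint, which is the REMOTE_LISTENER registration mentioned earlier.

```shell
#!/bin/sh
# Added example (not from the original post). Real use, as the grid user:
#   lsnrctl status LISTENER_SCAN1 | check_listener 3306 2

# Print host:port for each TCP line under "Listening Endpoints Summary".
tcp_endpoints() {
    awk '/Listening Endpoints Summary/ { on = 1; next }
         /Services Summary/            { on = 0 }
         on && /\(PROTOCOL=tcp\)/ {
             h = $0; sub(/.*\(HOST=/, "", h); sub(/\).*/, "", h)
             p = $0; sub(/.*\(PORT=/, "", p); sub(/\).*/, "", p)
             print h ":" p
         }'
}

# Count instances reported READY (grep -c exits 1 on a zero count).
ready_instances() { grep -c 'Instance ".*", status READY' || true; }

# check_listener PORT MIN_READY: reads lsnrctl status text on stdin; succeeds
# only if every TCP endpoint uses PORT and >= MIN_READY instances are READY.
check_listener() {
    want=$1; min=$2; out=$(cat)
    eps=$(printf '%s\n' "$out" | tcp_endpoints)
    [ -n "$eps" ] || { echo "FAIL: no TCP endpoint"; return 1; }
    for ep in $eps; do
        [ "${ep##*:}" = "$want" ] || { echo "FAIL: $ep not on port $want"; return 1; }
    done
    n=$(printf '%s\n' "$out" | ready_instances)
    [ "$n" -ge "$min" ] || { echo "FAIL: $n READY instance(s), want $min"; return 1; }
    echo "OK: $eps with $n READY instance(s)"
}

# Constructed samples in the format shown on this page (not captured output).
SCAN_OK='Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=LISTENER_SCAN1)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.2.115)(PORT=3306)))
Services Summary...
Service "orcl" has 2 instance(s).
  Instance "orcl1", status READY, has 1 handler(s) for this service...
  Instance "orcl2", status READY, has 1 handler(s) for this service...'
# Listener moved to 3306 but nothing has registered with it yet.
SCAN_EMPTY='Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.2.115)(PORT=3306)))
The listener supports no services'

printf '%s\n' "$SCAN_OK" | check_listener 3306 2
printf '%s\n' "$SCAN_EMPTY" | check_listener 3306 2 || true
```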