Wednesday, July 2, 2014

How to implement Class Of Secure Transports (COST) Using the IPC Protocol

Existing configuration:

[oracle@vmxdb01 admin]$ cat listener.ora |grep -v '^#'|grep -v '^$'
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
  )
ADR_BASE_LISTENER = /u01/app/oracle
ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER=ON              # line added by Agent

[oracle@vmxdb01 admin]$ lsnrctl status

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 02-JUL-2014 21:31:50

Copyright (c) 1991, 2013, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                02-JUL-2014 21:13:26
Uptime                    0 days 0 hr. 18 min. 24 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/11.2.0/grid/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/vmxdb01/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=vmxdb01)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
Services Summary...
Service "+ASM" has 1 instance(s).
  Instance "+ASM", status READY, has 1 handler(s) for this service...
Service "orcl" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orclXDB" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
The command completed successfully

Change the local_listener setting on both instances (+ASM and orcl) so that they register with the listener over IPC

[oracle@vmxdb01 admin]$ sqlplus / as sysasm

SQL*Plus: Release 11.2.0.4.0 Production on Wed Jul 2 21:43:01 2014

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Automatic Storage Management option

SQL> show instance;
instance "local"
SQL> select instance_name from v$instance;

INSTANCE_NAME
----------------
+ASM

SQL> set lin 85
SQL> select value from v$parameter where name='local_listener';

VALUE
-------------------------------------------------------------------------------------
(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=127.0.0.1)(PORT=1521))))

SQL> alter system set local_listener='(DESCRIPTION=(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521)))';

System altered.

SQL> select value from v$parameter where name='local_listener';

VALUE
-------------------------------------------------------------------------------------
(DESCRIPTION=(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521)))

SQL> select instance_name from v$instance;

INSTANCE_NAME
----------------
orcl

SQL> select value from v$parameter where name='local_listener';

VALUE
-------------------------------------------------------------------------------------
(ADDRESS=(PROTOCOL=TCP)(HOST=127.0.0.1)(PORT=1521))

SQL> alter system set local_listener='(DESCRIPTION=(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521)))';

System altered.

SQL> select value from v$parameter where name='local_listener';

VALUE
-------------------------------------------------------------------------------------
(DESCRIPTION=(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521)))

Add SECURE_PROTOCOL_LISTENER=ipc to listener.ora and restart the listener

[oracle@vmxdb01 admin]$ cat listener.ora |grep -v '^$'
# listener.ora Network Configuration File: /u01/app/11.2.0/grid/network/admin/listener.ora
# Generated by Oracle configuration tools.
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
  )
ADR_BASE_LISTENER = /u01/app/oracle
ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER=ON              # line added by Agent
# SECURE_REGISTER_LISTENER=ipc
# SECURE_CONTROL_LISTENER=ipc
SECURE_PROTOCOL_LISTENER=ipc

[oracle@vmxdb01 admin]$ lsnrctl stop listener

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 02-JUL-2014 21:51:06

Copyright (c) 1991, 2013, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521)))
The command completed successfully

[oracle@vmxdb01 admin]$ lsnrctl start listener

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 02-JUL-2014 21:54:01

Copyright (c) 1991, 2013, Oracle.  All rights reserved.

Starting /u01/app/11.2.0/grid/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 11.2.0.4.0 - Production
System parameter file is /u01/app/11.2.0/grid/network/admin/listener.ora
Log messages written to /u01/app/oracle/diag/tnslsnr/vmxdb01/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=vmxdb01)(PORT=1521)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521)))
TNS-12564: TNS:connection refused
TNS-01194: The listener command did not arrive in a secure transport

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
STATUS of the LISTENER
------------------------
Alias                     listener
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                02-JUL-2014 21:54:01
Uptime                    0 days 0 hr. 0 min. 8 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/11.2.0/grid/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/vmxdb01/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=vmxdb01)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
The listener supports no services
The command completed successfully

[oracle@vmxdb01 admin]$ lsnrctl status

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 02-JUL-2014 21:56:09

Copyright (c) 1991, 2013, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521)))
TNS-12564: TNS:connection refused
TNS-01194: The listener command did not arrive in a secure transport

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
STATUS of the LISTENER
------------------------
Alias                     listener
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                02-JUL-2014 21:54:01
Uptime                    0 days 0 hr. 2 min. 7 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/11.2.0/grid/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/vmxdb01/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=vmxdb01)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
Services Summary...
Service "+ASM" has 1 instance(s).
  Instance "+ASM", status READY, has 1 handler(s) for this service...
Service "orcl" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orclXDB" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
The command completed successfully

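Fix the TNS-01194 error by making the IPC address the first address in the listener definition. lsnrctl tries the addresses in the order listed, so with TCP first its initial attempt is refused before it falls back to IPC.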

[oracle@vmxdb01 admin]$ cat listener.ora |grep -v '^#'|grep -v '^$'
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))

    )
  )
ADR_BASE_LISTENER = /u01/app/oracle
ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER=ON              # line added by Agent
SECURE_PROTOCOL_LISTENER=ipc

After restarting the listener, the TNS-01194 message no longer appears.

[oracle@vmxdb01 admin]$ lsnrctl status

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 02-JUL-2014 22:01:40

Copyright (c) 1991, 2013, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
STATUS of the LISTENER
------------------------
Alias                     listener
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                02-JUL-2014 21:56:48
Uptime                    0 days 0 hr. 4 min. 52 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/11.2.0/grid/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/vmxdb01/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=vmxdb01)(PORT=1521)))
Services Summary...
Service "+ASM" has 1 instance(s).
  Instance "+ASM", status READY, has 1 handler(s) for this service...
Service "orcl" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orclXDB" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
The command completed successfully
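
A check that can be run before restarting the listener, added here as an example and not part of the original post: it parses a listener.ora and flags a listener whose SECURE_PROTOCOL_ transport is not used by its first ADDRESS, the condition that produced TNS-01194 above. The sample files are constructed from the ones shown in the post; the function names and finding codes are hypothetical, and only SECURE_PROTOCOL_ is modelled (not SECURE_CONTROL_ or SECURE_REGISTER_).

```python
import re

TCP = "(ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))"
IPC = "(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))"

def sample(first, second, cost_line):
    """Build a constructed listener.ora modelled on the files shown in the post."""
    return (
        "LISTENER =\n  (DESCRIPTION_LIST =\n    (DESCRIPTION =\n"
        f"      {first}\n      {second}\n    )\n  )\n"
        "ADR_BASE_LISTENER = /u01/app/oracle\n"
        "# SECURE_CONTROL_LISTENER=ipc\n"
        f"{cost_line}\n"
    )

def parse_params(text):
    """Map each top-level parameter (name at column 0) to its raw value."""
    # Drop comments first so a commented-out COST line is not counted as active.
    body = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    heads = list(re.finditer(r"(?m)^([A-Za-z_]\w*)\s*=", body))
    params = {}
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(body)
        params[m.group(1).upper()] = body[m.end():end].strip()
    return params

def check_cost(text, alias="LISTENER"):
    """Return finding codes for one listener alias; an empty list means clean."""
    params = parse_params(text)
    alias = alias.upper()
    # Address protocols in file order: lsnrctl in the post tries the first one first.
    protocols = [p.lower() for p in
                 re.findall(r"\(\s*PROTOCOL\s*=\s*(\w+)\s*\)", params.get(alias, ""), re.I)]
    secure = {p.lower() for p in
              re.findall(r"\w+", params.get(f"SECURE_PROTOCOL_{alias}", ""))}
    if not secure:
        return ["COST_NOT_SET"]
    findings = []
    if not secure.intersection(protocols):
        findings.append("NO_SECURE_ENDPOINT")
    elif protocols[0] not in secure:
        findings.append("FIRST_ADDRESS_NOT_SECURE")  # expect TNS-01194 from lsnrctl
    return findings

if __name__ == "__main__":
    for name, text in [("tcp first", sample(TCP, IPC, "SECURE_PROTOCOL_LISTENER=ipc")),
                       ("ipc first", sample(IPC, TCP, "SECURE_PROTOCOL_LISTENER=ipc")),
                       ("no COST", sample(TCP, IPC, ""))]:
        print(name, check_cost(text) or "ok")
```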
