Linux-UNIX: Install and configure the Oracle Connection Manager in an Oracle RAC environment
Oracle RAC cluster environments are usually set up within a private (trusted) network. Data should be encrypted only for remote clients' connections.
Procedure
Configure the Oracle Connection Manager (OCM) environment on the main Oracle RAC node or on each node for high availability.
- Configure the Listener for OCM for TCPS and TCP protocols with the remote server hostname or the IP address in the file cman.ora.
- Configure the cman.ora file with the standard parameter list for OCM and enable_ip_forwarding=yes. The rule list should include a rule whose source is the server hostname or IP and whose destination is the SCAN_LISTENER hostname or IP.
- In the cman.ora file, set the parameter REGISTRATION_INVITED_NODES to the hostnames or IP addresses of the nodes. This parameter also accepts wildcards as values for a group of IPs.
- Configure the file sqlnet.ora in the OCM environment for SSL connections.
- Configure client connections to connect to RAC instances using the OCM and SCAN_LISTENER hostnames and corresponding ports.
Example of cman.ora file:
# Oracle Connection Manager alias: listener addresses, parameters and access rules
cman=
  (configuration=
    (address=(protocol=tcps)(host=<CMAN_HOST/IP>)(port=1552))
    (address=(protocol=tcp)(host=<CMAN_HOST/IP>)(port=1551))
    (parameter_list=
      (aso_authentication_filter=off)
      (connection_statistics=yes)
      (log_level=off)
      (enable_ip_forwarding=yes)
      (max_connections=256)
      (idle_timeout=0)
      (inbound_connect_timeout=0)
      (session_timeout=0)
      (outbound_connect_timeout=0)
      (max_gateway_processes=16)
      (min_gateway_processes=2)
      (remote_admin=on)
      (trace_level=off)
      (trace_timestamp=off)
      (trace_filelen=1000)
      (trace_fileno=1)
      (max_cmctl_sessions=4)
      (event_group=init_and_term,memory_ops)
      (REGISTRATION_INVITED_NODES=node1_host,node2_host,node3_host/IPs)
    )
    (rule_list=
      (rule=(src=CMAN_HOST)(dst=*)(srv=cmon)(act=accept))
      (rule=(src=CMAN_HOST)(dst=*)(srv=*)(act=reject))
      (rule=(src=127.0.0.1)(dst=*)(srv=cmon)(act=accept))
      (rule=(src=127.0.0.1)(dst=*)(srv=*)(act=reject))
      (rule=(src=::1)(dst=*)(srv=cmon)(act=accept))
      (rule=(src=::1)(dst=*)(srv=*)(act=reject))
      (rule=(src=*)(dst=SCAN_LISTENER_HOST/IP)(srv=DB_SERVICE_NAME)(act=accept))
    )
  )
# Wallet holding the certificates for the TCPS (SSL) address
WALLET_LOCATION=
  (SOURCE=
    (METHOD=FILE)
    (METHOD_DATA=
      (DIRECTORY=/home/cman/app/cman/product/18.0.0/client_1/network/admin/wallet)
    )
  )
Example of tnsnames.ora file:
Connection_String=
  (description=
    (source_route=yes)
    (address_list=
      (address=(protocol=tcps)(host=CMAN_HOST)(port=1552))
      (address=(protocol=tcp)(host=SCAN-LISTENER_HOST)(port=SCAN_PORT))
    )
    (connect_data=(service_name=DB_SERVICE_NAME))
    (SECURITY=(SSL_SERVER_CERT_DN="cn=Unit,cn=Organisation,dc=us,dc=com"))
  )
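One way to check a cman.ora against the procedure above before starting OCM, as an added example that is not part of the original page or of Oracle's tooling: it parses the nested (key=value) syntax, rejects stray parentheses, and reports a missing TCPS address, enable_ip_forwarding other than yes, a missing REGISTRATION_INVITED_NODES, and accept rules that use wildcards. The function names, the constructed sample hosts and the policy that only srv=cmon may be accepted with a wildcard are assumptions made for this example.

```python
import re

def parse_ora(text):
    """Parse Oracle Net NAME=(key=value)... text into {name: [(key, value), ...]}."""
    text = re.sub(r'(?m)^\s*#.*$', '', text)            # drop comment lines
    tok = re.findall(r'"[^"]*"|[()=]|[^()=\s]+', text)
    def value(i):
        if i >= len(tok) or tok[i] in (')', '='):
            raise ValueError('missing value near token %d' % i)
        if tok[i] != '(':                               # plain atom such as yes or 1552
            return tok[i], i + 1
        items = []
        while i < len(tok) and tok[i] == '(':           # sequence of (key=value) groups
            if i + 2 >= len(tok) or tok[i + 2] != '=':
                raise ValueError('expected key= near token %d' % i)
            val, j = value(i + 3)
            if j >= len(tok) or tok[j] != ')':
                raise ValueError('unbalanced parentheses near token %d' % j)
            items.append((tok[i + 1].lower(), val))
            i = j + 1
        return items, i
    entries, i = {}, 0
    while i < len(tok):
        if tok[i] in ('(', ')', '=') or tok[i + 1:i + 2] != ['=']:
            raise ValueError('stray %r at top level' % tok[i])
        name = tok[i].lower()
        entries[name], i = value(i + 2)
    return entries

def lint_cman(text, alias='cman'):
    """Return findings for the settings the procedure above calls for."""
    conf = dict(parse_ora(text)[alias])['configuration']
    protos = [dict(v).get('protocol', '').lower() for k, v in conf if k == 'address']
    params = {k: str(v).lower() for k, v in dict(conf).get('parameter_list', [])}
    checks = [('tcps' in protos, 'no TCPS listener address'),
              (params.get('enable_ip_forwarding') == 'yes', 'enable_ip_forwarding is not yes'),
              ('registration_invited_nodes' in params, 'REGISTRATION_INVITED_NODES is not set')]
    findings = [msg for ok, msg in checks if not ok]
    for _, rule in dict(conf).get('rule_list', []):     # assumed policy: only cmon may use wildcards
        r = dict(rule)
        wide = '*' in (r.get('dst'), r.get('srv')) and r.get('srv') != 'cmon'
        if wide and r.get('act', '').lower() == 'accept':
            findings.append('wildcard accept rule from src=%s' % r.get('src'))
    return findings

# Constructed sample: TCP only, no invited nodes, one wide-open accept rule.
SAMPLE = """cman=(configuration=(address=(protocol=tcp)(host=cman1)(port=1551))
  (parameter_list=(enable_ip_forwarding=yes))
  (rule_list=(rule=(src=cman1)(dst=*)(srv=cmon)(act=accept))
             (rule=(src=*)(dst=*)(srv=*)(act=accept))))"""
```

Calling lint_cman(SAMPLE) returns the three findings for the constructed file; an empty list means every check passed.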