Tuesday, September 15, 2009

Oracle Connection Manager (CMAN)

Connection Manager (CMAN)

Installation

Document is based on Oracle release 10gR2 (10.2.0.4.0). To test it on a single server it is better to create 2 Oracle home. One Oracle database server home that will handle our test database and one small Oracle client home that will handle Connection Manager executable.
On Unix the executable is called cmctl.
In following Oracle client installed under /ora_client10g/software with oraclient account. Oracle database installed under /ora_10g/software with ora10g account.

Configuration

Connection Manager

To create the first Connection Manager configuration inherit cman.ora file from /ora_client10g/software/network/admin/samples. Then modify it to map your target configuration. In following cman.ora example we target to listen on port 1551 and redirect connection for 10g.world service to databse running on the same server. For all clients whatever their IP.

cman.ora:
cman =
(configuration=
  (address=(protocol=tcp)(host=eult93.sgp.st.com)(port=1551))
  (parameter_list =
    (aso_authentication_filter=off)
    (connection_statistics=on)
    (log_directory=/ora_client10g/software/network/log)
    (log_level=SUPPORT)
    (max_connections=256)
    (idle_timeout=0)
    (inbound_connect_timeout=0)
    (session_timeout=0)
    (outbound_connect_timeout=0)
    (max_gateway_processes=16)
    (min_gateway_processes=2)
    (remote_admin=on)
    (trace_directory=/ora_client10g/software/network/trace)
    (trace_level=SUPPORT)
    (trace_timestamp=on)
    (trace_filelen=1000)
    (trace_fileno=1)
    (max_cmctl_sessions=4)
    (event_group=init_and_term,memory_ops)
  )

  (rule_list=
    (rule=
       (src=*)(dst=*)(srv=10g.world)(act=accept)
       (action_list=(aut=off)(moct=0)(mct=0)(mit=0)(conn_stats=on))
    )
    (rule=
       (src=eult93)(dst=127.0.0.1)(srv=cmon)(act=accept)
       (action_list=(aut=off)(moct=0)(mct=0)(mit=0)(conn_stats=on))
    )
  )
)

tnsnames.ora:
10g.world=
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = eult93.sgp.st.com) (PORT = 1541))
)
(CONNECT_DATA = (SID = 10g))
)

sqlnet.ora:
NAMES.DEFAULT_DOMAIN = world
NAMES.DIRECTORY_PATH= (TNSNAMES)

USE_CMAN = true

SQLNET.EXPIRE_TIME = 1

Then start it using cmctl command. You must launch it interactively to tell which is the name of the connection manager you plan to administer (the name in the cman.ora file).
[oraclient@eult93 ~]$ cmctl

CMCTL for Linux: Version 10.2.0.4.0 - Production on 14-SEP-2009 14:04:31

Copyright (c) 1996, 2007, Oracle.  All rights reserved.

Welcome to CMCTL, type "help" for information.

CMCTL> administer cman
Current instance cman is not yet started
Connections refer to (address=(protocol=tcp)(host=eult93.sgp.st.com)(port=1551)).
The command completed successfully.
CMCTL:cman> startup
Starting Oracle Connection Manager instance cman. Please wait...
TNS-04077: WARNING: No password set for the Oracle Connection Manager instance.
CMAN for Linux: Version 10.2.0.4.0 - Production
Status of the Instance
----------------------
Instance name             cman
Version                   CMAN for Linux: Version 10.2.0.4.0 - Production
Start date                14-SEP-2009 14:04:44
Uptime                    0 days 0 hr. 0 min. 9 sec
Num of gateways started   2
Average Load level        0
Log Level                 SUPPORT
Trace Level               SUPPORT
Instance Config file      /ora_client10g/software/network/admin/cman.ora
Instance Log directory    /ora_client10g/software/network/log
Instance Trace directory  /ora_client10g/software/network/trace
The command completed successfully.

You can get some statistics (rules, uptime, conneciton, ...) using show command:
CMCTL:cman> show all
listener_address          | (address=(protocol=tcp)(host=eult93.sgp.st.com)(port=1551))
aso_authentication_filter |   OFF
connection_statistics     |    ON
event_group               | (init_and_term, memory_ops)
log_directory             | /ora_client10g/software/network/log
log_level                 | SUPPORT
max_connections           |   256
idle_timeout              |     0
inbound_connect_timeout   |     0
session_timeout           |     0
outbound_connect_timeout  |     0
max_gateway_processes     |    16
min_gateway_processes     |     2
max_cmctl_sessions        |     4
password                  |   OFF
remote_admin              |    ON
trace_directory           | /ora_client10g/software/network/trace
trace_level               | SUPPORT
trace_timestamp           |    ON
trace_filelen             |  1000
trace_fileno              |     1
Number of filtering rules currently in effect: 2
(rule_list=
(rule=
(src=*)
(dst=*)
(srv=10g.world)
(act=accept)
(action_list=(aut=off)(moct=0)(mct=0)(mit=0)(conn_stats=on))
)
(rule=
(src=eult93)
(dst=127.0.0.1)
(srv=cmon)
(act=accept)
(action_list=(aut=off)(moct=0)(mct=0)(mit=0)(conn_stats=on))
)
)
The command completed successfully.

Database Server

listener.ora:
LISTENER_10g =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = eult93.sgp.st.com)(PORT = 1541))
)
)
)

SID_LIST_LISTENER_10g =
(SID_LIST =
(SID_DESC =
(GLOBAL_DBNAME = 10g.world)
(SID_NAME = 10g)
(ORACLE_HOME = /ora_10g/software)
)
)

sqlnet.ora:
NAMES.DEFAULT_DOMAIN = world
NAMES.DIRECTORY_PATH= (TNSNAMES)

USE_CMAN = true

TCP.VALIDNODE_CHECKING = yes
TCP.INVITED_NODES = (localhost,eult93.sgp.st.com)
#TCP.EXCLUDED_NODES = (localhost,164.129.228.51,eult93.sgp.st.com)
TCP.EXCLUDED_NODES= (164.129.228.51)

SQLNET.EXPIRE_TIME = 1

The configuration is made to forbid direct access to the database for client IP 164.129.228.51 (desktop used for testing) and to allow database listener connection only for itself (or the Connection Manager hostname/IP if different for your environment). This a good security rue that would avoid end users to modify the tnsnames.ora file they have on their desktop to remove the Connection Manager entry...

Client

Classic connection:
EULT93_10G.WORLD =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = eult93.sgp.st.com)(PORT = 1541))
)
(CONNECT_DATA =
(SID = 10g)
(SERVER = DEDICATED)
)
)

Using Connection Manager:
EULT93_CMAN.WORLD =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = eult93.sgp.st.com)(PORT = 1551))
(ADDRESS = (PROTOCOL = TCP)(HOST = eult93.sgp.st.com)(PORT = 1541))
)
(CONNECT_DATA =
(SERVICE_NAME = 10g.world)
(SERVER = DEDICATED)
)
(SOURCE_ROUTE=YES)
)

Testing

With classic connection



C:\>tnsping eult93_10g

TNS Ping Utility for 32-bit Windows: Version 10.2.0.1.0 - Production on 14-SEP-2009 17:32:01

Copyright (c) 1997, 2005, Oracle.  All rights reserved.

Used parameter files:
C:\oem10g\network\admin\sqlnet.ora


Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = eult93.sgp.st.com)(PORT = 1541))) (CONNECT_DATA = (SID = 10g) (SERVER = DEDICATED)))
TNS-12547: TNS:lost contact
C:\>sqlplus yjaquier@eult93_10g

SQL*Plus: Release 10.2.0.1.0 - Production on Mon Sep 14 17:51:16 2009

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

Enter password:
ERROR:
ORA-12537: TNS:connection closed

With Connection Manager

C:\>tnsping eult93_cman

TNS Ping Utility for 32-bit Windows: Version 10.2.0.1.0 - Production on 14-SEP-2009 17:32:02

Copyright (c) 1997, 2005, Oracle.  All rights reserved.

Used parameter files:
C:\oem10g\network\admin\sqlnet.ora


Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = eult93.sgp.st.com)(PORT = 1551)) (ADDRESS = (PROTOCOL = TCP)(HOST = eult93.sgp.st.com)(PORT = 1541))) (CONNECT_DATA = (SERVICE_NAME = 10g.world) (SERVER = DEDICATED)) (SOURCE_ROUTE=YES))
OK (20 msec)
C:\>sqlplus yjaquier@eult93_cman

SQL*Plus: Release 10.2.0.1.0 - Production on Mon Sep 14 17:32:05 2009

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

Enter password:

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
With the Partitioning, Data Mining and Real Application Testing options

SQL>

1 comment:

  1. Thanks for the information. I am currently maintaining the server back in the office and when I research about servers it's really helpful to read blogs just like this. Thanks for sharing.

    Datacenter

    ReplyDelete

Followers