One of the biggest problems we have in Oracle Cloud Infrastructure Classic is that when you provision an ExaCS you cannot assign "IP Network" addresses (also known as private IPs, e.g. 10.x.x.x) to your ExaCS machine. That being said, you have only 2 options if you want your applications in Compute Classic (as PaaS or IaaS) to communicate with your ExaCS:
- Assign a Public IP Address to all your applications and create a firewall rule allowing each one to communicate with your ExaCS.
- Configure Oracle Connection Manager as your only point of connection with ExaCS.
The second option is much better than the first for security, simplicity and design reasons. You can have a machine (or machines if you need HA) acting as a proxy server, handling all the intermediate connections between your IaaS VLANs and ExaCS.
Usually, Oracle Connection Manager (OCM) is used when you can't access the DB directly for some reason and need a middle server "routing" your packets to the DB.
So in this article I will show, step by step, how to configure and deploy this solution.
In our configuration, we have:
- Clients running on a VLAN 10.10.0.0/16
- Two OCM machines acting as proxy servers of ExaCS to all clients. They have 2 interfaces, one public and one private.
- The ExaCS server running on a Public IP, with client IP as 129.10.10.0/27 (could be as many db servers as you want).
The design would be the following:
The reason I have 2 OCMs is load balancing and HA. In case one of them fails, I don't have a single point of failure (SPOF) in my architecture. The ExaCS is built entirely on redundancy, so I can't ruin it by introducing a SPOF in my design.
So, first of all, the connection rules. My ExaCS machine will need to have the following rules:
| SOURCE_HOST_NAME | DESTINATION_PORT | DESTINATION_HOST_NAME | PROTOCOL |
|---|---|---|---|
| EXAOCM1 | 1521 | EXACS | TCP |
| EXACS | 1521 | EXAOCM1 | TCP |
| EXAOCM2 | 1521 | EXACS | TCP |
| EXACS | 1521 | EXAOCM2 | TCP |
PS: Keep in mind that the EXACS hostname actually means all the compute nodes and their Client IPs / Subnet.
So now it's time to install a new machine that will run the Oracle Connection Manager application. You can use a machine with very few resources, as OCM will not use more than 2G of disk space. My recommendation for each is:
- Linux 7.2 or higher with latest yum updates.
- Oracle 12.2 client or higher with latest patches applied.
- 2 CPUs
- 20G HD
- 8G RAM
1. Installing Oracle Connection Manager
Let's start by installing OCM. Supposing you don't have a graphical interface, use a response file with the following parameters:
```
$ cat client.rsp
oracle.install.responseFileVersion=/oracle/install/rspfmt_clientinstall_response_schema_v12.2.0
UNIX_GROUP_NAME=oinstall
INVENTORY_LOCATION=/u01/app/oraInventory
ORACLE_HOME=/u01/app/oracle/product/12.2.0.1/client_1
ORACLE_BASE=/u01/app/oracle
oracle.install.client.installType=Custom
oracle.install.client.customComponents=oracle.network.cman:12.2.0.1.0
```
Then simply call:
```
$ ./client/runInstaller -responseFile ~/client.rsp -silent
Starting Oracle Universal Installer...

Checking Temp space: must be greater than 415 MB.   Actual 11003 MB    Passed
Checking swap space: must be greater than 150 MB.   Actual 4095 MB    Passed
Preparing to launch Oracle Universal Installer from /tmp/OraInstall2018-01-17_06-24-40PM. Please wait ...
[WARNING] [INS-13014] Target environment does not meet some optional requirements.
   CAUSE: Some of the optional prerequisites are not met. See logs for details. installActions2018-01-17_06-24-40PM.log
   ACTION: Identify the list of failed prerequisite checks from the log: installActions2018-01-17_06-24-40PM.log. Then either from the log file or from installation manual find the appropriate configuration to meet the prerequisites and fix it manually.
You can find the log of this install session at:
 /u01/app/oraInventory/logs/installActions2018-01-17_06-24-40PM.log
The installation of Oracle Client 12c was successful.
Please check '/u01/app/oraInventory/logs/silentInstall2018-01-17_06-24-40PM.log' for more details.

As a root user, execute the following script(s):
        1. /u01/app/oraInventory/orainstRoot.sh
        2. /u01/app/oracle/product/12.2.0.1/client_1/root.sh

Successfully Setup Software.
```
Run the 2 scripts as root and you are all set.
The next step is to configure the Connection Manager. It's also a pretty easy task. Create a file called cman.ora in the $ORACLE_HOME/network/admin folder:
```
$ cat $ORACLE_HOME/network/admin/cman.ora
CMAN_exaocm01 =
  (CONFIGURATION=
    (ADDRESS=(PROTOCOL=tcp)(HOST=exaocm01)(PORT=1521))
    (RULE_LIST=
      (RULE=(SRC=10.10.0.0/16)(DST=129.10.10.0/27)(SRV=*)(ACT=accept))
      (RULE=(SRC=opcexaocm01)(DST=127.0.0.1)(SRV=cmon)(ACT=accept))
    )
    (PARAMETER_LIST=
      # (ASO_AUTHENTICATION_FILTER=ON)
      (CONNECTION_STATISTICS=YES)
      # (EVENT_GROUP=INIT_AND_TERM,MEMORY_OPS,PROCESS_MGMT)
      (IDLE_TIMEOUT=3600)
      (INBOUND_CONNECT_TIMEOUT=10)
      # (LOG_DIRECTORY=/home/user/network/admin/log)
      (LOG_LEVEL=ADMIN)
      # (MAX_CMCTL_SESSIONS=6)
      (MAX_CONNECTIONS=100)
      (MAX_GATEWAY_PROCESSES=20)
      (MIN_GATEWAY_PROCESSES=5)
      (OUTBOUND_CONNECT_TIMEOUT=10)
      # (REMOTE_ADMIN=NO)
      # (SESSION_TIMEOUT=60)
      # (TRACE_DIRECTORY=/home/user/network/admin/trace)
      # (TRACE_FILELEN=100)
      # (TRACE_FILENO=2)
      # (TRACE_LEVEL=SUPPORT)
      # (TRACE_TIMESTAMP=ON)
    )
  )
REGISTRATION_INVITED_NODES_cman_exaocm01=(129.10.10.0/27)
```
Some points:
- The configuration should be named CMAN_hostname so that it is the default one when you call the cmctl utility.
- In the rule list, I'm allowing all the clients on my IaaS VLAN network to connect to the ExaCS Client IP through this machine.
- I'm also allowing the server itself to configure OCM.
- In the last row, I'm permitting the ExaCS to register services in this OCM server.
Note that depending on the number of connections you are routing, the value for max connections and gateway processes must be adapted.
After everything is set, I can now start the OCM gateways:
```
$ cmctl

CMCTL for Linux: Version 12.2.0.1.0 - Production on 19-JAN-2018 20:41:51

Copyright (c) 1996, 2016, Oracle.  All rights reserved.

Welcome to CMCTL, type "help" for information.

CMCTL> administer
Current instance CMAN_exaocm01 is not yet started
Connections refer to (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=exaocm01)(PORT=1521))).
The command completed successfully.
CMCTL:CMAN_exaocm01> startup
Starting Oracle Connection Manager instance CMAN_exaocm01. Please wait...
CMAN for Linux: Version 12.2.0.1.0 - Production
Status of the Instance
----------------------
Instance name             cman_exaocm01
Version                   CMAN for Linux: Version 12.2.0.1.0 - Production
Start date                19-JAN-2018 20:41:56
Uptime                    0 days 0 hr. 0 min. 9 sec
Num of gateways started   5
Average Load level        0
Log Level                 ADMIN
Trace Level               OFF
Instance Config file      /u01/app/oracle/product/12.2.0.1/client_1/network/admin/cman.ora
Instance Log directory    /u01/app/oracle/diag/netcman/exaocm01/cman_exaocm01/alert
Instance Trace directory  /u01/app/oracle/diag/netcman/exaocm01/cman_exaocm01/trace
The command completed successfully.
CMCTL:CMAN_exaocm01> exit
```
Good. Now repeat all those same steps for exaocm02: install the client, configure the cman.ora and start the service, only changing the hostname accordingly.
2. Configuring the Database to Register Services on both OCM machines
This step is very straightforward. All you need is to configure additional remote listeners for the database services running on your ExaCS. To do that, just log in and check the current value:
```
$ sqlplus / as sysdba

SQL*Plus: Release 12.1.0.2.0 Production on Fri Jan 19 20:50:37 2018

Copyright (c) 1982, 2014, Oracle.  All rights reserved.

Connected to:
Oracle Database 12c EE Extreme Perf Release 12.1.0.2.0 - 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage Management, Oracle Label Security,
OLAP, Advanced Analytics and Real Application Testing options

SQL> show parameter remote_listener

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
remote_listener                      string      lpclscan-c1r101.us6.oracleclou
                                                 d.com:1521
SQL>
```
Now update it, adding the 2 OCMs to the remote_listener configuration:
```
SQL> alter system set remote_listener='lpclscan-c1r101.us6.oraclecloud.com:1521','exaocm01:1521','exaocm02:1521' scope=both sid='*';

System altered.

SQL> alter system register;

System altered.
```
PS: Note here that I'm using exaocm01 and exaocm02 instead of the IP addresses. To make it work, you need to create entries for both machines in the /etc/hosts of your DB nodes. Otherwise use the raw IP addresses.
Now check whether the database instance was correctly registered on the OCMs. To validate, just print the listener status:
```
$ lsnrctl status

LSNRCTL for Linux: Version 12.2.0.1.0 - Production on 19-JAN-2018 21:08:56

Copyright (c) 1991, 2016, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=exaocm01)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     cman_exaocm01
Version                   TNSLSNR for Linux: Version 12.2.0.1.0 - Production
Start Date                19-JAN-2018 20:41:56
Uptime                    0 days 0 hr. 26 min. 59 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/product/12.2.0.1/client_1/network/admin/cman.ora
Listener Log File         /u01/app/oracle/diag/netcman/exaocm01/cman_exaocm01/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=exaocm01)(PORT=1521)))
Services Summary...
Proxy service "cmgw" has 1 instance(s).
  Instance "cman", status READY, has 5 handler(s) for this service...
Service "RJOPC01.us6.oraclecloud.com" has 2 instance(s).
  Instance "RJOPC011", status READY, has 1 handler(s) for this service...
  Instance "RJOPC012", status READY, has 1 handler(s) for this service...
Service "RJOPC01XDB.us6.oraclecloud.com" has 2 instance(s).
  Instance "RJOPC011", status READY, has 1 handler(s) for this service...
  Instance "RJOPC012", status READY, has 1 handler(s) for this service...
Service "cmon" has 1 instance(s).
  Instance "cman", status READY, has 1 handler(s) for this service...
Service "pdb1.us6.oraclecloud.com" has 2 instance(s).
  Instance "RJOPC011", status READY, has 1 handler(s) for this service...
  Instance "RJOPC012", status READY, has 1 handler(s) for this service...
The command completed successfully
```
Perfect! Remember you can also configure several different databases on different servers to do the same, making your OCM servers a middle-tier proxy for all of them.
3. Configuring the client to connect through OCMs
Finally the last part is to configure your clients to access your services running on ExaCS through the OCM machines.
To accomplish that, simply create a TNS entry pointing to both, as below:
```
RJOPC01 =
  (DESCRIPTION =
    (FAILOVER = ON)
    (LOAD_BALANCE = ON)
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = exaocm01)(PORT = 1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = exaocm02)(PORT = 1521)))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = RJOPC01.us6.oraclecloud.com)
      (FAILOVER_MODE =
        (TYPE = SELECT)
        (METHOD = BASIC)
        (DELAY = 5)
        (RETRIES = 100)
      )))
```
PS: Note here that I'm using exaocm01 and exaocm02 instead of the IP addresses. To make it work, you need to create entries for both machines in the /etc/hosts of your client. Otherwise use the raw IP addresses.
And what if you have a Data Guard environment with Fast-Start Failover enabled and want your TNS entry to be transparently aware of node failover? In this case your TNS entry would be:
```
RJOPC01 =
  (DESCRIPTION =
    (FAILOVER = ON)
    (ADDRESS_LIST =
      (LOAD_BALANCE = ON)
      (FAILOVER = ON)
      (ADDRESS = (PROTOCOL = TCP)(HOST = ocmexa01)(PORT = 1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = ocmexa02)(PORT = 1521)))
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = exadg)(PORT = 1521)))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = RJOPC01.us6.oraclecloud.com)
      (FAILOVER_MODE =
        (TYPE = SELECT)
        (METHOD = BASIC)
        (DELAY = 5)
        (RETRIES = 100)
      )))
```
This means that Oracle would first try to load balance and fail over between both OCMs, and only then fail over to your DG environment.
4. Conclusion
After everything is set, all you gotta do is connect transparently to your database using sqlplus/jdbc/etc. with the TNS alias. I strongly recommend also running the swingbench tool to ensure the performance you get before/after the OCMs is acceptable.
```
$ ./charbench -c ~/my.conf
Author  :        Dominic Giles
Version :        2.6.0.1076

Results will be written to results.xml.
Hit Return to Terminate Run...

Time            Users   TPM     TPS
12:11:38 PM     4       98842   1694
```