We make use Oracle Connection Manager to control client access to our database servers, it’s pretty cool technology that I’m always surprised how few people are aware of its existence.
Our installed version is 12.1, and this is unable to communicate with our newly upgraded 12.2 instance, so I have been working through installing the latest version. On starting the instance up, I noticed that no services were being registered, and the log contained multiple entries like the following:
Listener(VNCR option 1) rejected Registration request from destination 23-MAR-2017 14:37:37 * service_register_NSGR * 1182 TNS-01182: Listener rejected registration of service ""
This functionality is described here:
Starting with this release, valid node checking for registration is enabled by default in Oracle Connection Manager. By default, only the databases on local node are allowed to register with Oracle Connection Manager. The databases on remote node can be permitted or denied to register with Oracle Connection Manager through the use of parameters REGISTRATION_INVITED_NODES and REGISTRATION_EXCLUDED_NODES.
REGISTRATION_EXCLUDED_NODES = (10.1.26.*, 10.16.40.0/24, \ 2001:DB8:3eff:fe38, node2) REGISTRATION_INVITED_NODES = (10.1.35.*, 10.1.34.0/24, \ 2001:DB8:fe38:7303, node1)
Based on that example I updated the cman.ora configuration to include a valid node. Note that 255.255.255.255 is just an example for testing. Note also that I have configured cman to listen on a non-default port, 999, rather than the default of 1521.
cman_vmhklftdbocmdv2.alpha.lftltd.net = (configuration= (address=(protocol=tcp)(host=vmhklftdbocmdv2.alpha.lftltd.net)(port=999)) (parameter_list = (registration_invited_nodes = (255.255.255.255)) (connection_statistics=yes) (log_level=user) (trace_level=user) (trace_filelen=1000) (trace_fileno=3) (idle_timeout=14400) ) (rule_list= (rule= (src=vmhklftdbocmdv2.alpha.lftltd.net)(dst=::1)(srv=cmon)(act=accept)) ) )
Note when I run connection manager, it has picked up the default port of 1521, rather than 999 which I specified:
-bash-4.1$ cmctl CMCTL for Linux: Version 18.104.22.168.0 - Production on 23-MAR-2017 16:08:03 Copyright (c) 1996, 2016, Oracle. All rights reserved. Welcome to CMCTL, type "help" for information. CMCTL> administer Current instance CMAN_vmhklftdbocmdv2.alpha.lftltd.net is not yet started Connections refer to (ADDRESS=(PROTOCOL=TCP)(HOST=vmhklftdbocmdv2)(PORT=1521)). The command completed successfully. CMCTL:CMAN_vmhklftdbocmdv2.alpha.lftltd.net>
Basically what has happened is that cman has parsed the cman.ora file, and it doesn’t like the invited_nodes list to be in parentheses. Rather than throwing out an error it just continues with default values.
I remove the brackets, and adding an extra IP address just for fun:
(registration_invited_nodes = 22.214.171.124, 255.255.255.255)
When connecting now, observe that the settings from the parameter file are being used (note the non-default port, 999):
-bash-4.1$ cmctl CMCTL for Linux: Version 126.96.36.199.0 - Production on 23-MAR-2017 16:12:16 Copyright (c) 1996, 2016, Oracle. All rights reserved. Welcome to CMCTL, type "help" for information. CMCTL> administer Current instance CMAN_vmhklftdbocmdv2.alpha.lftltd.net is not yet started Connections refer to (DESCRIPTION=(address=(protocol=tcp)(host=vmhklftdbocmdv2.alpha.lftltd.net)(port=999))). The command completed successfully. CMCTL:CMAN_vmhklftdbocmdv2.alpha.lftltd.net>
I observed the same behavior with REGISTRATION_EXCLUDED_NODES.
While I was in the area, I also noticed that the described default value for VALID_NODE_CHECKING_REGISTRATION appears to be wrong. The documentation specified that the default value is off, which contradicts the previously highlighted section of the documentation, and my own testing.
I’m off to file a couple of documentation bugs…