Enabling and configuring the system firewall on RAC

1. Look up the IP information of the RAC nodes

[root@gaczhracdb02 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:9d:6e:d0 brd ff:ff:ff:ff:ff:ff
    inet 10.8.98.103/24 brd 10.8.98.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 10.8.98.105/24 brd 10.8.98.255 scope global secondary ens160:1
       valid_lft forever preferred_lft forever
    inet6 fe80::35b2:ae16:822a:e40b/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:9d:a0:f2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.103/24 brd 192.168.1.255 scope global noprefixroute ens192
       valid_lft forever preferred_lft forever
    inet 169.254.250.37/16 brd 169.254.255.255 scope global ens192:1
       valid_lft forever preferred_lft forever
    inet6 fe80::9a24:1326:a45f:c78a/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
[root@gaczhracdb02 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.8.98.102  gaczhracdb01
10.8.98.103  gaczhracdb02

10.8.98.104  gaczhracdb01-vip
10.8.98.105  gaczhracdb02-vip

10.8.98.101  gaczhracdb-scan

192.168.1.102   gaczhracdb01-priv
192.168.1.103   gaczhracdb02-priv


[root@gaczhracdb02 ~]#

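IPs used by the cluster nodes

10.8.98.101-105      Database cluster physical IPs, VIPs, SCAN IP

192.168.1.102-103  Database cluster private network IPs

169.254.0.0/16        IP range the database cluster assigns to itself (this must be added too, otherwise CRS communication has problems)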

 

Firewall rules to add on both nodes. Put simply, the two nodes trust each other.

firewall-cmd --zone=trusted --add-source=10.8.98.101 --permanent
firewall-cmd --zone=trusted --add-source=10.8.98.102 --permanent
firewall-cmd --zone=trusted --add-source=10.8.98.103 --permanent
firewall-cmd --zone=trusted --add-source=10.8.98.104 --permanent
firewall-cmd --zone=trusted --add-source=10.8.98.105 --permanent

firewall-cmd --zone=trusted --add-source=192.168.1.102 --permanent
firewall-cmd --zone=trusted --add-source=192.168.1.103 --permanent

firewall-cmd --zone=trusted --add-source=169.254.0.0/16 --permanent

The service offered to external clients is on port 1521
firewall-cmd --zone=public --add-port=1521/tcp --permanent
firewall-cmd --reload
systemctl enable firewalld
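
A check to run after the reload, added here as an example and not part of the original post: it compares the trusted zone's sources with the address list above and reports missing or extra entries. The function names and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the trusted zone
# against the address list this page configures.

# Sources the page adds to the trusted zone.
expected_sources() {
    for i in 101 102 103 104 105; do      # physical IPs, VIPs, SCAN IP
        echo "10.8.98.$i"
    done
    echo "192.168.1.102"                  # private network IPs
    echo "192.168.1.103"
    echo "169.254.0.0/16"                 # range the cluster assigns itself
}

# audit_sources "<whitespace-separated sources>"
# Prints MISSING for listed addresses that are not trusted, and
# UNEXPECTED for trusted entries that are not on the list. The trusted
# zone accepts all traffic from its sources, so extras deserve a look.
audit_sources() {
    actual=$(printf '%s\n' $1 | sed '/^$/d' | sort -u)
    expected=$(expected_sources)
    for src in $expected; do
        printf '%s\n' "$actual" | grep -Fxq -- "$src" || echo "MISSING $src"
    done
    for src in $actual; do
        printf '%s\n' "$expected" | grep -Fxq -- "$src" || echo "UNEXPECTED $src"
    done
}

# Constructed sample standing in for the output of
#   firewall-cmd --zone=trusted --list-sources
# with the 169.254.0.0/16 entry forgotten and a whole /24 trusted by mistake.
SAMPLE="10.8.98.0/24 10.8.98.101 10.8.98.102 10.8.98.103 10.8.98.104 10.8.98.105 192.168.1.102 192.168.1.103"

audit_sources "$SAMPLE"
# On a cluster node, run instead:
#   audit_sources "$(firewall-cmd --zone=trusted --list-sources)"
```

An empty result means the trusted zone holds exactly the addresses listed on this page.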

 

posted @ 2023-08-11 16:07  海和风