1. 我们计划将端口修改为6001,首先我们需要确认这个端口是否被使用
[root@node211g ~]# lsof -i:22
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 4543 root 3u IPv4 16317 TCP *:ssh (LISTEN)
sshd 16000 root 3r IPv4 57216374 TCP node211g:ssh->node111g:56437 (ESTABLISHED) <<<<<<<22端口呗ssh使用
sshd 16004 oracle 3u IPv4 57216374 TCP node211g:ssh->node111g:56437 (ESTABLISHED)
sshd 17907 root 3r IPv4 57462432 TCP node211g:ssh->node111g:59861 (ESTABLISHED)
sshd 17911 oracle 3u IPv4 57462432 TCP node211g:ssh->node111g:59861 (ESTABLISHED)
[root@node211g ~]# lsof -i:1521
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
oracle 1437 oracle 14u IPv4 68052787 TCP node211g:20651->node-cluster-scan:ncube-lm (ESTABLISHED) <<<<<<1521端口被scan使用
oracle 14412 grid 15u IPv4 1313392 TCP node211g:34873->node-cluster-scan:ncube-lm (ESTABLISHED)
tnslsnr 14882 grid 16u IPv4 1332718 TCP node211g:ncube-lm (LISTEN)
tnslsnr 14882 grid 17u IPv4 1332719 TCP node211g-vip:ncube-lm (LISTEN)
[root@node211g ~]# lsof -i:6001
6001端口没有被使用
2. 同时在两个节点增加Port 6001 到SSH配置文件中
[root@node111g ~]# vi /etc/ssh/sshd_config
#Port 22
Port 6001
#Protocol 2,1
Protocol 2
3. 重启ssh服务,让端口生效
[root@node111g ~]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
[root@node211g ~]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
4.查看端口,已经被SSH使用
[root@node111g ~]# lsof -i:6001
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 28964 root 3u IPv4 111172702 TCP *:6001 (LISTEN)
[root@node211g ~]# lsof -i:6001
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 18371 root 3u IPv4 70993328 TCP *:6001 (LISTEN)
[root@node211g ~]#
5. 检查和测试端口,端口22已经无法连接
[oracle@node111g archive_log]$ ssh node111g
ssh: connect to host node111g port 22: Connection refused
[oracle@node111g archive_log]$ ssh node211g
ssh: connect to host node211g port 22: Connection refused
Part III 测试对RAC的影响
1. 通过端口6001连接,一切正常,RAC等价性也没有受到影响,这里说明SSH等价性是不会受端口的影响的。
这里可以简单理解为,node1和node2彼此有对方的访问秘钥的,只要对方有秘钥就行,不会关心从什么端口访问过来的
[oracle@node111g archive_log]$ ssh -p 6001 node211g
Last login: Fri Dec 19 10:19:05 2014 from node111g
[oracle@node211g ~]$ hostname
node211g
[oracle@node211g ~]$ exit
logout
Connection to node211g closed.
2. 端口已经修改成功,检查crs状态,一切正常
[grid@node111g ~]$ crsctl status res -t
--------------------------------------------------------------------------------
NAME TARGET STATE SERVER STATE_DETAILS
--------------------------------------------------------------------------------
Local Resources
--------------------------------------------------------------------------------
ora.DATA.dg
ONLINE ONLINE node111g
ONLINE ONLINE node211g
ora.DGROUP_01.dg
ONLINE ONLINE node111g
OFFLINE OFFLINE node211g
ora.FRA.dg
ONLINE ONLINE node111g
ONLINE ONLINE node211g
ora.LISTENER.lsnr
ONLINE ONLINE node111g
ONLINE ONLINE node211g
ora.LISTENER_TEST.lsnr
ONLINE ONLINE node111g
ONLINE ONLINE node211g
ora.OCR.dg
ONLINE ONLINE node111g
ONLINE ONLINE node211g
ora.VOTE3D.dg
ONLINE ONLINE node111g
OFFLINE OFFLINE node211g
ora.asm
ONLINE ONLINE node111g Started
ONLINE ONLINE node211g Started
ora.gsd
OFFLINE OFFLINE node111g
OFFLINE OFFLINE node211g
ora.net1.network
ONLINE ONLINE node111g
ONLINE ONLINE node211g
ora.ons
ONLINE ONLINE node111g
ONLINE ONLINE node211g
--------------------------------------------------------------------------------
Cluster Resources
--------------------------------------------------------------------------------
ora.TEST_SCAN1.lsnr
1 ONLINE ONLINE node111g
ora.cvu
1 ONLINE ONLINE node211g
ora.node111g.vip
1 ONLINE ONLINE node111g
ora.node211g.vip
1 ONLINE ONLINE node211g
ora.oc4j
1 ONLINE ONLINE node211g
ora.orcl.db
1 ONLINE ONLINE node111g Open
2 ONLINE ONLINE node211g Open
ora.orcl.romi.svc
1 ONLINE ONLINE node111g
ora.orcl.test.svc
1 ONLINE ONLINE node211g
2 ONLINE ONLINE node111g
ora.scan1.vip
1 ONLINE ONLINE node111g