一、SQLPlus网络配置概述
SQLPlus是Oracle数据库的命令行客户端工具,其网络配置决定了客户端如何连接到远程Oracle数据库服务器。在Debian系统上,SQLPlus的网络配置主要通过Oracle Net Services组件实现,核心配置文件包括:
| 配置文件 | 路径 | 作用 |
|---|---|---|
| tnsnames.ora | $ORACLE_HOME/network/admin/ | 定义数据库连接标识符 |
| sqlnet.ora | $ORACLE_HOME/network/admin/ | 全局网络参数配置 |
| listener.ora | 服务器端 | 监听程序配置(仅服务端) |
1.1 Oracle网络连接流程
SQLPlus客户端 → 读取sqlnet.ora → 查找tnsnames.ora → 解析连接描述符 →
连接监听器(listener) → 建立数据库会话
二、Debian安装Oracle Instant Client
2.1 下载与安装
# 1. 下载Oracle Instant Client(Basic + SQLPlus + Tools)
# 访问:https://www.oracle.com/database/technologies/instant-client/downloads.html
# 选择Linux x86-64版本
# 2. 创建安装目录
sudo mkdir -p /opt/oracle
# 3. 解压安装包
cd /opt/oracle
sudo unzip instantclient-basic-linux.x64-21.15.0.0.0dbru.zip
sudo unzip instantclient-sqlplus-linux.x64-21.15.0.0.0dbru.zip
sudo unzip instantclient-tools-linux.x64-21.15.0.0.0dbru.zip
# 4. 配置环境变量
sudo tee /etc/profile.d/oracle.sh <<EOF
export ORACLE_HOME=/opt/oracle/instantclient_21_15
export PATH=\$PATH:\$ORACLE_HOME
export LD_LIBRARY_PATH=\$ORACLE_HOME:\$LD_LIBRARY_PATH
export TNS_ADMIN=\$ORACLE_HOME/network/admin
EOF
source /etc/profile.d/oracle.sh
# 5. 安装依赖库
sudo apt install -y libaio1 libaio-dev
# 6. 验证安装
sqlplus -version
2.2 创建配置文件目录
# 创建网络配置目录
sudo mkdir -p $ORACLE_HOME/network/admin
# 创建tnsnames.ora
sudo touch $ORACLE_HOME/network/admin/tnsnames.ora
# 创建sqlnet.ora
sudo touch $ORACLE_HOME/network/admin/sqlnet.ora
# 设置权限
sudo chmod -R 755 $ORACLE_HOME/network/admin
三、tnsnames.ora配置详解
3.1 基本语法结构
连接标识符 =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 数据库主机IP)(PORT = 端口号))
)
(CONNECT_DATA =
(SERVICE_NAME = 服务名)
)
)
3.2 单实例数据库配置
# $ORACLE_HOME/network/admin/tnsnames.ora
# 基础配置(SERVICE_NAME方式)
ORCL =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.100)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = orcl.example.com)
)
)
# 使用SID方式(旧版数据库)
ORCL_SID =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.100)(PORT = 1521))
(CONNECT_DATA =
(SID = ORCL)
)
)
3.3 多地址故障转移配置(Failover)
# 主库+备库自动故障转移
ORCL_FAILOVER =
(DESCRIPTION =
(LOAD_BALANCE = OFF)
(FAILOVER = ON)
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.100)(PORT = 1521))
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.101)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = orcl.example.com)
(FAILOVER_MODE =
(TYPE = SELECT)
(METHOD = BASIC)
(RETRIES = 3)
(DELAY = 5)
)
)
)
故障转移参数说明:
| 参数 | 值 | 说明 |
|---|---|---|
| TYPE | SESSION | 仅转移会话(非SELECT场景) |
| TYPE | SELECT | SELECT语句也转移 |
| METHOD | BASIC | 连接失败时才创建备连接 |
| METHOD | PRECONNECT | 预先建立备连接(更快但占资源) |
| RETRIES | 数字 | 重试次数 |
| DELAY | 数字(秒) | 重试间隔 |
3.4 负载均衡配置
# RAC集群负载均衡
ORCL_RAC =
(DESCRIPTION =
(LOAD_BALANCE = ON)
(FAILOVER = ON)
(ADDRESS = (PROTOCOL = TCP)(HOST = rac-node1)(PORT = 1521))
(ADDRESS = (PROTOCOL = TCP)(HOST = rac-node2)(PORT = 1521))
(ADDRESS = (PROTOCOL = TCP)(HOST = rac-node3)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = orcl_rac.example.com)
)
)
3.5 多个数据库配置
# 开发环境
DEV_DB =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = dev-db.example.com)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = dev.example.com)
)
)
# 测试环境
TEST_DB =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = test-db.example.com)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = test.example.com)
)
)
# 生产环境
PROD_DB =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = prod-db.example.com)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = prod.example.com)
)
)
四、sqlnet.ora配置详解
4.1 常用配置项
# $ORACLE_HOME/network/admin/sqlnet.ora
# 默认域名
NAMES.DEFAULT_DOMAIN = example.com
# 命名方法优先级
NAMES.DIRECTORY_PATH = (TNSNAMES, EZCONNECT, HOSTNAME)
# 连接超时(秒)
SQLNET.OUTBOUND_CONNECT_TIMEOUT = 10
# 传输超时(秒)
SQLNET.TRANSPORT_CONNECT_TIMEOUT = 3
# 启用死连接检测
SQLNET.EXPIRE_TIME = 10
# 日志配置
LOG_DIRECTORY_CLIENT = /var/log/oracle
LOG_FILE_CLIENT = sqlnet.log
# 跟踪配置(调试用)
# TRACE_LEVEL_CLIENT = SUPPORT
# TRACE_DIRECTORY_CLIENT = /var/log/oracle/trace
# TRACE_FILE_CLIENT = sqlnet_trace
4.2 安全配置
# 禁用不安全的认证方式
SQLNET.ALLOWED_LOGON_VERSION_SERVER = 12
SQLNET.ALLOWED_LOGON_VERSION_CLIENT = 12
# 启用加密
SQLNET.ENCRYPTION_CLIENT = REQUIRED
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256, AES128)
# 启用完整性校验
SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (SHA256)
五、连接数据库
5.1 使用tnsnames.ora连接
# 使用tnsnames.ora中定义的连接标识符
sqlplus username/password@ORCL
# 不暴露密码(推荐)
sqlplus username@ORCL
# 然后输入密码
# 使用sysdba权限连接
sqlplus sys/password@ORCL as sysdba
5.2 使用EZCONNECT方式连接
# EZCONNECT格式:username/password@host:port/service_name
sqlplus username/password@192.168.1.100:1521/orcl.example.com
# 简写(使用默认端口1521)
sqlplus username/password@192.168.1.100/orcl.example.com
5.3 使用完整连接字符串
# 不依赖tnsnames.ora的完整连接方式
sqlplus username/password@"(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.1.100)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=orcl.example.com)))"
六、网络连接测试与排查
6.1 tnsping测试
# 测试tnsnames.ora中的连接配置
tnsping ORCL
# 成功输出示例:
# TNS Ping Utility for Linux: Version 21.0.0.0.0
# Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.100)(PORT = 1521)) (CONNECT_DATA = (SERVICE_NAME = orcl.example.com)))
# OK (20 msec)
# 指定次数测试
tnsping ORCL 5
6.2 端口连通性测试
# 测试监听端口是否可达
nc -zv 192.168.1.100 1521
# 使用telnet测试
telnet 192.168.1.100 1521
# 使用curl测试
curl -v telnet://192.168.1.100:1521
6.3 常见错误与解决
| 错误代码 | 原因 | 解决方案 |
|---|---|---|
| ORA-12154 | tnsnames.ora配置错误或找不到 | 检查TNS_ADMIN和文件内容 |
| ORA-12514 | SERVICE_NAME不匹配 | 确认服务名:lsnrctl status |
| ORA-12541 | 监听器未启动 | 启动监听:lsnrctl start |
| ORA-12170 | 连接超时 | 检查防火墙、网络连通性 |
| ORA-28040 | 认证协议不匹配 | 调整sqlnet.ora中ALLOWED_LOGON_VERSION |
| ORA-12560 | 协议适配器错误 | 检查ORACLE_HOME和LD_LIBRARY_PATH |
6.4 完整排查流程
#!/bin/bash
# SQLPlus网络连接排查脚本
echo "== SQLPlus网络连接排查 =="
# 1. 检查环境变量
echo -e "\n[1] 环境变量检查"
echo "ORACLE_HOME: $ORACLE_HOME"
echo "TNS_ADMIN: $TNS_ADMIN"
echo "LD_LIBRARY_PATH: $LD_LIBRARY_PATH"
# 2. 检查配置文件
echo -e "\n[2] 配置文件检查"
if [ -f "$TNS_ADMIN/tnsnames.ora" ]; then
echo "✅ tnsnames.ora 存在"
echo "内容预览:"
head -20 $TNS_ADMIN/tnsnames.ora
else
echo "❌ tnsnames.ora 不存在"
fi
# 3. 检查端口连通性
echo -e "\n[3] 端口连通性检查"
nc -zv 192.168.1.100 1521 2>&1
# 4. tnsping测试
echo -e "\n[4] tnsping测试"
tnsping ORCL 2>&1
# 5. 检查DNS解析
echo -e "\n[5] DNS解析检查"
nslookup db-server.example.com 2>&1
echo -e "\n== 排查完成 =="
七、自动化配置脚本
#!/bin/bash
# Oracle Instant Client自动配置脚本(Debian)
ORACLE_BASE="/opt/oracle"
CLIENT_DIR="$ORACLE_BASE/instantclient_21_15"
TNS_ADMIN="$CLIENT_DIR/network/admin"
# 创建tnsnames.ora
sudo tee $TNS_ADMIN/tnsnames.ora <<EOF
ORCL =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = \${DB_HOST:-192.168.1.100})(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = \${DB_SERVICE:-orcl.example.com})
)
)
EOF
# 创建sqlnet.ora
sudo tee $TNS_ADMIN/sqlnet.ora <<EOF
NAMES.DIRECTORY_PATH = (TNSNAMES, EZCONNECT)
SQLNET.OUTBOUND_CONNECT_TIMEOUT = 10
SQLNET.TRANSPORT_CONNECT_TIMEOUT = 3
SQLNET.EXPIRE_TIME = 10
EOF
echo "✅ 配置完成"
echo "连接命令:sqlplus username/password@ORCL"
八、安全最佳实践
8.1 连接安全
- 使用TLS/SSL加密连接(配置sqlnet.ora中ENCRYPTION参数)
- 禁用弱认证协议(设置ALLOWED_LOGON_VERSION ≥ 12)
- 不在命令行暴露密码,使用钱包(Wallet)或环境变量
8.2 配置文件安全
# 限制配置文件权限
chmod 600 $TNS_ADMIN/tnsnames.ora
chmod 600 $TNS_ADMIN/sqlnet.ora
chown oracle:oinstall $TNS_ADMIN/*.ora
# 审计连接日志
# 在sqlnet.ora中启用日志
# LOG_DIRECTORY_CLIENT = /var/log/oracle
# LOG_FILE_CLIENT = sqlnet.log
8.3 使用Oracle Wallet存储凭证
# 创建钱包
mkstore -wrl $ORACLE_HOME/wallet -create
# 添加数据库凭证
mkstore -wrl $ORACLE_HOME/wallet -createCredential ORCL username password
# 在sqlnet.ora中配置钱包
echo "WALLET_LOCATION = (SOURCE = (METHOD = FILE)(METHOD_DATA = (DIRECTORY = \$ORACLE_HOME/wallet)))" >> $TNS_ADMIN/sqlnet.ora
echo "SQLNET.WALLET_OVERRIDE = TRUE" >> $TNS_ADMIN/sqlnet.ora
# 无密码连接
sqlplus /@ORCL
九、总结
| 配置步骤 | 关键操作 | 说明 |
|---|---|---|
| 安装客户端 | 安装Instant Client | Basic + SQLPlus + Tools |
| 环境变量 | ORACLE_HOME, TNS_ADMIN, LD_LIBRARY_PATH | 必须正确配置 |
| tnsnames.ora | 定义连接描述符 | 指定主机、端口、服务名 |
| sqlnet.ora | 全局网络参数 | 超时、安全、日志配置 |
| 连接测试 | tnsping + nc | 验证配置正确性 |
核心命令速查:
# 连接数据库
sqlplus username/password@ORCL
# 测试连接
tnsping ORCL
# 检查端口
nc -zv db-host 1521
# 查看环境变量
echo $TNS_ADMIN
注:本文基于Oracle Instant Client 21c编写,不同版本路径可能略有不同。生产环境建议使用Oracle Wallet管理凭证,避免密码泄露。