Bypassing the listener and connecting to ASM without a password from Python code

Requirement

I was asked to have smart code that can connect to a local ASM instance without the need for any prior preparations like setting up the listener or any other changes in the database. And even do this without a password!

Problems

Listener

If there is already a listener that uses the default port (i.e. 1521), the ASM can register itself dynamically to the listener with no need to configure anything. But on systems that use ports other than 1521, the listener is not registered automatically. We could set the parameter LOCAL_LISTENER like this:
SQL> alter system set local_listener='(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.3.40)(PORT=1521))';
But, I was asked to do no prior configuration.

Password

Using SQL*Plus we have the option to connect to the database locally Using Password File Authentication with no need to setup a listener and without using a password in the connection string.
$ export ORACLE_SID=+ASM
$ sqlplus / as sysdba

SQL*Plus: Release 12.2.0.1.0 Production on Tue Dec 5 20:19:06 2017

Copyright (c) 1982, 2016, Oracle.  All rights reserved.

Connected to:
Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production

SYS@+ASM:SQL> 
But, I was asked to connect from code, not SQL*Plus.

The solution

We can accomplish this by using the Bequeath Protocol.
From Oracle documentation:
The Bequeath technique enables clients to connect to a database without using the network listener.

Is used for local connections where an Oracle Database client application … communicates with an Oracle Database instance running on the same computer.
The restrictions are:
  • Listener
    • The code will run from the database server.
    • The ASM is not configured as Flex ASM.
  • Password
    • The code will run from the same user ID as the DBA user ID.
We will start testing this protocol by connecting from SQL*Plus as a test case, and then moving to a Python code example.
Using the grid infrastructure owner (usually oracle or grid), we will add the following line to the grid home tnsnames.ora file:
ASM_BEQ =
(DESCRIPTION =
    (ADDRESS_LIST =
        (ADDRESS =
            (PROTOCOL=BEQ)
            (PROGRAM=oracle)
            (ARGV0=oracle+ASM)
            (ARGS='(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))')
        )
    )
    (CONNECT_DATA=
        (SID=+ASM)
    )
)
Connect, using sqlplus
$ sqlplus /@ASM_BEQ as sysdba

SQL*Plus: Release 12.2.0.1.0 Production on Tue Dec 5 19:43:42 2017

Copyright (c) 1982, 2016, Oracle.  All rights reserved.

Connected to:
Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production

SYS@ASM_BEQ:SQL> select INSTANCE_NAME,VERSION,DATABASE_STATUS,INSTANCE_ROLE,INSTANCE_MODE,ACTIVE_STATE from v$instance;

INSTANCE     DATABASE       INSTANCE INSTANCE    ACTIVE
NAME VERSION    STATUS       ROLE MODE      STATE
-------- ---------- ----------------- ------------------ ----------- ---------
+ASM 12.2.0.1.0 ACTIVE       UNKNOWN REGULAR     NORMAL
Now, lets create a small connection test script in Python:
$ cat test_connection.py
#!/usr/bin/python

import os
import cx_Oracle

db = '+ASM'
oracle_home = '/oracle/product/12.2.0.1/grid'
os.environ['ORACLE_SID'] = db
os.environ['ORACLE_HOME'] = oracle_home
os.environ['PATH'] = oracle_home + '/bin'
print os.environ['ORACLE_SID']
dsn = '/@(DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL=BEQ) (PROGRAM=oracle) (ARGV0=oracle' + db + ") (ARGS='(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))'))) (CONNECT_DATA=(SID=" + db + ')))'
con = cx_Oracle.connect(dsn, mode=cx_Oracle.SYSDBA)
cur = con.cursor()
cur.execute('select INSTANCE_NAME,VERSION,DATABASE_STATUS,INSTANCE_ROLE,INSTANCE_MODE,ACTIVE_STATE from v$instance')

for result in cur:
    print result
cur.close()
con.close()
Running the code:
$ ./test_connection.py
+ASM
('+ASM', '12.2.0.1.0', 'ACTIVE', 'UNKNOWN', 'REGULAR', 'NORMAL')
We now have a working solution 😊

Comments

Post a Comment

Popular posts from this blog

Silent Installation

Some times there are problems using installation with GUI, the reason can be: 1. Firewall 2. Unix security 3. Client software (missing or not working( and maybe some more reasons If your environment is cooperative helping you solve this - it is simple - go for it. But if you are on your own and can't reach "the right guys" - do it yourself " Silently " Look for the proper response file fits for your needs in /database/response/ Edit it and run the following command: $ ./runInstaller -force -invPtrLoc /oraInst.loc -silent -noconfig -ignoreSysPrereqs -responseFile /database/response/enterprise.rsp You can also run the installer without a response file as mentioned in Metalink Note 782918.1 $ ./runInstaller -silent -force -debug \ FROM_LOCATION="/mount/dvd/database/stage/products.xml" \ ORACLE_HOME="/u01/app/oracle/product/11.1.0/db_1" \ ORACLE_HOME_NAME="Ora11gDb1" ORACLE_BASE="/u01/app/oracle" \ TOPLEVEL_COMPONENT='{&q
Read more

Data Guard - Changing IP Addresses

Image
When changing IP of a host we should update/recheck the following places: /etc/hosts or DNS listener.ora tnsnames.ora Database parameters (local_listener, remote_listener) Data Guard configuration This document is also relevant when changing the IP address of the connection between the hosts, other than the original IP addresses we used during the installation. When installation is done using the hostname and not the IP address, most of the changes are not relevant except for /etc/hosts. In this document, I will describe how to change the Data Guard Broker configuration. Dataguard configuration Show the environment DGMGRL> show configuration Configuration - dr   Protection Mode: MaxAvailability   Members:   pdb7 - Primary database     fdb7 - Far sync instance       sdb7 - Physical standby database Fast-Start Failover: DISABLED Configuration Status: SUCCESS   (status updated 351 seconds ago) Show detailed information of the Primary
Read more

Fixing & Registering ORACLE_HOMES in Central Inventory

Central Inventory location is determined by oraInst.loc located in: HP/Solaris /var/opt/oracle/oraInst.loc Linux /etc/oraInst.loc Windows \\HKEY_LOCAL_MACHINE\Software\Oracle\inst_loc To check if all oracle homes are registered within the Central Inventory run the following command: ${ORACLE_HOME}/oui/bin/opatch lsinventory -all Invoking OPatch 10.2.0.3.0 Oracle interim Patch Installer version 10.2.0.3.0 Copyright (c) 2005, Oracle Corporation. All rights reserved.. Oracle Home : /software/oracle/OEM10gR2/agent10g Central Inventory : /software/oracle/oraInventory from : /var/opt/oracle/oraInst.loc OPatch version : 10.2.0.3.0 OUI version : 10.2.0.3.0 OUI location : /software/oracle/OEM10gR2/agent10g/oui Log file location : /software/oracle/OEM10gR2/agent10g/cfgtoollogs/opatch/opatch....log Lsinventory Output file location : /software/oracle/OEM10gR2/agent10g/cfgtoollogs/....lsinventory.....txt ----------------------------------... List of Oracle Homes:
Read more