一、加密trial文件
根据官方文档的解释,我们通过在extract和replicattion进程中添加ENCRYPTTRAIL/DECRYPTTRAIL参数,来加密解密trail文件
eg:
没加密之前Extract的内容:
GGSCI (OE5) 55> view params extma
EXTRACT extma
userid GoldenGate@orcl1, password GoldenGate
setenv (NLS_LANG="AMERICAN_AMERICA.WE8ISO8859P1")
GETTRUNCATES
REPORTCOUNT EVERY 1 MINUTES, RATE
numfiles 50000
DISCARDFILE ./dirrpt/extma.dsc,APPEND,MEGABYTES 50
WARNLONGTRANS 2h,CHECKINTERVAL 3m
EXTTRAIL ./dirdat/ma
DBOPTIONS ALLOWUNUSEDCOLUMN
TRANLOGOPTIONS CONVERTUCS2CLOBS
DYNAMICRESOLUTION
table scott.* ;
Logdump 55 >open ./dirdat/ma000001
Current LogTrail is /opt/GoldenGate/orcl1/dirdat/ma000001
Logdump 56 >ghdr on
Logdump 57 >detail data
Logdump 58 >ggstoken detail
Logdump 59 >pos 0
Reading forward from RBA 0
Logdump 60 >n
Logdump 65 >n
___________________________________________________________________
Hdr-Ind : E (x45) Partition : . (x04)
UndoFlag : . (x00) BeforeAfter : A (x41)
RecLength : 23 (x0017) I/O Time : 2011/03/22 00:09:39.000.000
IOType : 5 (x05) OrigNode : 255 (xff)
TransInd : . (x00) FormatType : R (x52)
SyskeyLen : 0 (x00) Incomplete : . (x00)
AuditRBA : 2 AuditPos : 29881732
Continued : N (x00) RecCount : 1 (x01)
2011/03/22 00:09:39.000.000 Insert Len 23 RBA 1391
Name: SCOTT.TEST
After Image: Partition 4 G b
0000 0005 0000 0001 3100 0100 0a00 0000 066f 7261 | ........1........ora
636c 65 | cle
Column 0 (x0000), Len 5 (x0005)
0000 0001 31 | ....1
Column 1 (x0001), Len 10 (x000a)
0000 0006 6f72 6163 6c65 | ....oracle --可以明显的看到单词
GGS tokens:
TokenID x52 'R' ORAROWID Info x00 Length 20
4141 414d 3058 4141 4541 4141 4147 5741 4141 0001 | AAAM0XAAEAAAAGWAAA..
TokenID x4c 'L' LOGCSN Info x00 Length 6
3438 3937 3831 | 489781
TokenID x36 '6' TRANID Info x00 Length 8
392e 3130 2e32 3939 | 9.10.299
GGSCI (OE5) 55> view params extma
EXTRACT extma
userid GoldenGate@orcl1, password GoldenGate
setenv (NLS_LANG="AMERICAN_AMERICA.WE8ISO8859P1")
GETTRUNCATES
REPORTCOUNT EVERY 1 MINUTES, RATE
numfiles 50000
DISCARDFILE ./dirrpt/extma.dsc,APPEND,MEGABYTES 50
WARNLONGTRANS 2h,CHECKINTERVAL 3m
<span style="color:#ff0000;">ENCRYPTTRAIL</span>
EXTTRAIL ./dirdat/ma
DBOPTIONS ALLOWUNUSEDCOLUMN
TRANLOGOPTIONS CONVERTUCS2CLOBS
DYNAMICRESOLUTION
table scott.*
Logdump 66 >open ./dirdat/ma000002
Current LogTrail is /opt/GoldenGate/orcl1/dirdat/ma000002
Logdump 67 >ghdr on
Logdump 68 >detail data
Logdump 69 >ggstoken detail
Logdump 74 >n
___________________________________________________________________
Hdr-Ind : E (x45) Partition : . (x04)
UndoFlag : . (x00) BeforeAfter : A (x41)
RecLength : 24 (x0018) I/O Time : 2011/03/22 00:35:13.000.000
IOType : 5 (x05) OrigNode : 255 (xff)
TransInd : . (x01) FormatType : R (x52)
SyskeyLen : 0 (x00) Incomplete : . (x00)
AuditRBA : 2 AuditPos : 31891236
Continued : N (x00) RecCount : 1 (x01)
2011/03/22 00:35:13.000.000 Insert Len 24 RBA 1212
Name: SCOTT.TEST
After Image: Partition 4 G m
5e50 86ba af70 962b cc52 5bf9 a3f7 9760 7eda abd0 | ^P...p.+.R[....`~...
–加密后看到的是不可识别的密文
c092 111e | ....
Bad compressed block, found length of 34490 (x86ba), RBA 1212
GGS tokens:
TokenID x52 'R' ORAROWID Info x00 Length 20
4141 414d 3058 4141 4541 4141 4147 5741 4130 0001 | AAAM0XAAEAAAAGWAA0
下面是容灾端进程的参数和错误信息
GGSCI (OE5) 3> view params repma
REPLICAT repma
USERID GoldenGate@orcl2, PASSWORD GoldenGate
setenv (NLS_LANG="AMERICAN_AMERICA.WE8ISO8859P1")
--REPORT AT 01:59
REPORTCOUNT EVERY 30 MINUTES, RATE
REPERROR DEFAULT, abend
numfiles 50000
DBOPTIONS ALLOWUNUSEDCOLUMN
MAXTRANSOPS 500000
GROUPTRANSOPS 10000
CHECKPOINTSECS 40
--HANDLECOLLISIONS
assumetargetdefs
DISCARDFILE ./dirrpt/repma.dsc, APPEND, MEGABYTES 50
GETTRUNCATES
ALLOWNOOPUPDATES
map scott.* , target scott.* ;
-----ERROR信息―――――――
Source Context :
SourceModule : [ggstd.conv.endian]
SourceID : [/mnt/ecloud/workspace/Build_FBO_OpenSys_r11.1.1.0.11_001_[41228]/perforce/src/gglib/ggstd/lecnv.c]
SourceFunction : [convCompSQL]
SourceLine : [531]
ThreadBacktrace : [9] elements
: [/opt/GoldenGate/orcl2/replicat(CMessageContext::
AddThreadContext()+0x26) [0x82021d6]]
: [/opt/GoldenGate/orcl2/replicat(CMessageFactory::
CreateMessage(CSourceContext*, unsigned int, ...) +0x817) [0x81f8887]]
: [/opt/GoldenGate/orcl2/replicat(_MSG_ERR_MAP_
COL_INDEX_INVALID(CSourceContext*, DBString<777> const&, int, int, CMessageFactory::Message-
Disposition)+0x8b) [0x81d6c4b]]
: [/opt/GoldenGate/orcl2/replicat [0x84aa2bc]]
: [/opt/GoldenGate/orcl2/replicat(ggConvRecLE(char*,
file_def*, int, char, char)+0x4d) [0x84aa3bd]]
: [/opt/GoldenGate/orcl2/replicat [0x849dd2d]]
: [/opt/GoldenGate/orcl2/replicat(main+0x1f8b) [0x812670b]]
: [/lib/libc.so.6(__libc_start_main+0xdc) [0x68de8c]]
: [/opt/GoldenGate/orcl2/replicat(__gxx_personality_v0+0x1b5) [0x810a171]]
2011-03-22 00:36:37 ERROR OGG-01161 Bad column index (24144) specified for table SCOTT.TEST, max columns = 2.
下面在容灾端参数文件中加入DECRYPTTRAIL参数,让其对trail文件解密并查看进程的状态:
GGSCI (OE5) 3> view params repma
REPLICAT repma
USERID GoldenGate@orcl2, PASSWORD GoldenGate
setenv (NLS_LANG="AMERICAN_AMERICA.WE8ISO8859P1")
--REPORT AT 01:59
REPORTCOUNT EVERY 30 MINUTES, RATE
REPERROR DEFAULT, abend
<span style="color:#ff6666;">DECRYPTTRAIL</span> -----加入解密参数
numfiles 50000
DBOPTIONS ALLOWUNUSEDCOLUMN
MAXTRANSOPS 500000
GROUPTRANSOPS 10000
CHECKPOINTSECS 40
--HANDLECOLLISIONS
assumetargetdefs
DISCARDFILE ./dirrpt/repma.dsc, APPEND, MEGABYTES 50
GETTRUNCATES
ALLOWNOOPUPDATES
map scott.* , target scott.* ;
GGSCI (OE5) 14> info all
Program Status Group Lag Time Since Chkpt
MANAGER
REPLICAT RUNNING REPMA 00:00:00 00:00:03
二、对ogg的各种登陆密码进行加密
先看官方文档:
可以通过GoldenGate加密一些数据库口令,可以加密的数据库口令大致有下列3种。
1、GoldenGate Extract、Replicat进程及其他进程登录到数据库的密码。2、ASM数据库、GoldenGate需要登录到ASM实例的密码。
3、GoldenGate开启DDL的情况下,如果生产端执行类似CREATE | ALTER} USER <name> IDENTIFIED BY <password> 的操作容灾端有参数 DDLOPTIONS
DEFAULTUSERPASSWORD就会对密码进行加密,使其与生产端的不同
常用的加密数据库密码的方法有如下两种:
1、ENCRYPT PASSWORD <password>
2、ENCRYPT PASSWORD <password> ENCRYPTKEY <keyname><keyname>是用户自己生成的KEY的一个名字,这个名字和KEY将会保存在本地的ENCKEYS文件中。当然想使用这个属性,必须生成一个KEY,在OGG文件夹下面创建一个ENCKEYS文件,并且为这个KEY创建一个名字,那就是keyname。
在用到encryptkey属性时候,有必要先介绍一下生成encryption keys的方法。
用户自己定义KEY:首先要创建一个1到24个字符的keyname,其中不能包含空格和引用,keyvalues最大为128个字节,可以包含数字和字母或者是一个十六进制的字符串加上十六进制的标识符0x,例如:0x420E61BE7002D63560929CCA17A4E1FB。
利用KEYGEN属性生成KEY:源端在GoldenGate的安装目录下,在shell下键入命令:
KEYGEN <key length> <n><key length>:是生成的加密密码的长度,最大为128字节。
<n>:控制要生成的KEY的数量
oracle@OE5 orcl1]$ ./keygen 128 4
0xA3116324F0C72B3BE328E728C6E75725
0x907B7678A7AB561CAF2532539A1DE72A
0x7EE5894C5D8F817D7B227D7D6E537630
0x6C4F9D201473AC5E481FC82742890536
## Encryption keys
## Key name Key value
superkey 0xA3116324F0C72B3BE328E728C6E75725
superkey1 0x907B7678A7AB561CAF2532539A1DE72A
superkey2 0x7EE5894C5D8F817D7B227D7D6E537630
superkey3 0x6C4F9D201473AC5E481FC82742890536
[oracle@OE5 orcl1]$ ./ggsci
Oracle GoldenGate Command Interpreter for Oracle
Version 11.1.1.0.11 Build 001
Linux, x86, 32bit (optimized), Oracle 10 on Dec 6 2010 14:20:28
Copyright (C) 1995, 2010, Oracle and/or its affiliates. All rights reserved.
GGSCI (Allen.Beijing) 2> encrypt password ogg encryptkey superkey
Encrypted password: AADAAAAAAAAAAADAFCWBHJYIDJYGBFBHJFRALBYHCEXEPFOJVFKHHHBAODRCZDVCJHKDTJHIPGSIJJEI <span style="font-family: Arial, Helvetica, sans-serif;">--这就是生成的加密密码</span>
Algorithm used: AES128 可以使用dblogin登陆的方式进行测试:
GGSCI (Allen.Beijing) 3> dblogin userid ogg,password AADAAAAAAAAAAADAFCWBHJYIDJYGBFBHJFRALBYHCEXEPFOJVFKHHHBAODRCZDVCJHKDTJHIPGSIJJEI encryptkey superkey
Successfully logged into database.
然后我们就可以把这个密码加入到参数中来取代明文的密码文件
GGSCI (OE5) 5> edit params extma
EXTRACT extma
--userid GoldenGate@orcl1, password GoldenGate
userid GoldenGate@orcl1 , password <pre code_snippet_id="391338" snippet_file_name="blog_20140613_12_9000586" name="code" class="sql">AADAAAAAAAAAAADAFCWBHJYIDJYGBFBHJFRALBYHCEXEPFOJVFKHHHBAODRCZDVCJHKDTJHIPGSIJJEI, encryptkey superkey
4297
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
