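GoldenGate Security Configuration
Security is often overlooked when implementing GoldenGate. For a complete, running GoldenGate system, however, basic security settings are still very much necessary, such as
Password Encryption
3. Network transmission encryption cannot be used
So in most cases you still need to generate your own key file. Generating the key file takes two steps:
The specific operations are as follows: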
[ggate@ogg_s current]$ ./keygen 128 3
0x345CEB2DA213DC2F75B0514484FCAB42
0xD8A1B350AF392A75C52EE540B169B267
0x7CE77B73BD5F783A15AD783DDFD6B80C
# Store the keys in a file, one key per line
[ggate@ogg_s current]$ cat ENCKEYS
## Key-name Key-value
PASSWDKEY 0x345CEB2DA213DC2F75B0514484FCAB42
TRAILKEY 0xD8A1B350AF392A75C52EE540B169B267
TCPIPKEY 0x7CE77B73BD5F783A15AD783DDFD6B80C
Once the key file is configured, we can encrypt the database account's password.
GGSCI (ogg_s) 1> ENCRYPT PASSWORD OGG123 ENCRYPTKEY PASSWDKEY
Encrypted password: AADAAAAAAAAAAAGASBQGIAYGCFRCWELGFJMHBHHDOHWDWGRBBCKCYFSGGJTEJFFJUBQFKESGNAVBRDTF
Algorithm used: AES128
GGSCI (ogg_s) 2> ENCRYPT PASSWORD OGG123 ENCRYPTKEY DEFAULT
Using default key...
Encrypted password: AACAAAAAAAAAAAGACARARDMENDJHIIFG
Algorithm used: BLOWFISH
GGSCI (ogg_s) 3> DBLOGIN USERID OGG, PASSWORD AADAAAAAAAAAAAGASBQGIAYGCFRCWELGFJMHBHHDOHWDWGRBBCKCYFSGGJTEJFFJUBQFKESGNAVBRDTF, ENCRYPTKEY PASSWDKEY
Successfully logged into database.
...
SETENV (ORACLE_HOME=/u01/app/oracle/product/11.2.0/db_1)
SETENV (ORACLE_SID=ggtest)
--USERID OGG, PASSWORD OGG123
USERID OGG, PASSWORD AADAAAAAAAAAAAGASBQGIAYGCFRCWELGFJMHBHHDOHWDWGRBBCKCYFSGGJTEJFFJUBQFKESGNAVBRDTF, ENCRYPTKEY PASSWDKEY
EXTTRAIL /data/ggate/dirext/ggtest/ea
...
Trail File Encryption
If the trail has been encrypted, the data is just unreadable gibberish:
...
SETENV (ORACLE_SID=ggtest)
USERID OGG, PASSWORD AADAAAAAAAAAAAGASBQGIAYGCFRCWELGFJMHBHHDOHWDWGRBBCKCYFSGGJTEJFFJUBQFKESGNAVBRDTF, ENCRYPTKEY PASSWDKEY
ENCRYPTTRAIL AES128 KEYNAME TRAILKEY
EXTTRAIL /data/ggate/dirext/jet2/ea
DISCARDFILE /u01/app/oracle/product/ggate/current/dirrpt/EJET2.dsc, APPEND, MEGABYTES 500
FETCHOPTIONS FETCHPKUPDATECOLS
...
...
SHOWSYNTAX
DYNSQL
DBOPTIONS DEFERREFCONST
DECRYPTTRAIL AES128 KEYNAME TRAILKEY
MAP JET2.*, TARGET JET2.*;
...
...
DECRYPTTRAIL AES128 KEYNAME TRAILKEY
RMTHOST ogg_t, MGRPORT 7809
ENCRYPTTRAIL AES128 KEYNAME TRAILKEY
RMTTRAIL /data/ggate/dirrep/jet2/at
...
Network Transmission Encryption
...
USERID OGG, PASSWORD AADAAAAAAAAAAAGASBQGIAYGCFRCWELGFJMHBHHDOHWDWGRBBCKCYFSGGJTEJFFJUBQFKESGNAVBRDTF, ENCRYPTKEY PASSWDKEY
RMTHOST ogg_t, MGRPORT 7809, ENCRYPT AES128 KEYNAME TCPIPKEY
RMTTRAIL /data/ggate/dirrep/jet1/at
...
ERROR OGG-01453 Oracle GoldenGate Capture for Oracle, pjet1.prm: Database login information not specified in parameter file.
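The three settings above (encrypted USERID password, ENCRYPTTRAIL before each trail, ENCRYPT on RMTHOST) can be checked mechanically across parameter files. The following is an added example, not part of the original article or of GoldenGate itself: the function name `audit_prm` and the sample file are constructed, and it assumes that only lines beginning with `--` are comments.

```python
import re

# Constructed sample parameter file (not from the original page).
SAMPLE_PRM = """\
--USERID OGG, PASSWORD EXAMPLE_OLD_PLAINTEXT
USERID OGG, PASSWORD EXAMPLE_PLAINTEXT
EXTTRAIL /data/ggate/dirext/demo/ea
USERID OGG, PASSWORD AACAAAAAAAAAAAGAEXAMPLE, ENCRYPTKEY DEFAULT
RMTHOST ogg_t, MGRPORT 7809
ENCRYPTTRAIL AES128 KEYNAME TRAILKEY
RMTTRAIL /data/ggate/dirrep/demo/at
"""

def audit_prm(text):
    """Return (line_number, finding) tuples for weak settings in a parameter file."""
    findings = []
    trail_encrypted = False  # toggled by ENCRYPTTRAIL / NOENCRYPTTRAIL
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        commented = line.startswith("--")  # assumption: only leading "--" is a comment
        words = [w for w in re.split(r"[\s,]+", line.lstrip("-").upper()) if w]
        if not words:
            continue
        kw = words[0]
        if kw == "USERID" and "PASSWORD" in words:
            if "ENCRYPTKEY" not in words:
                # A commented-out plaintext password is still readable on disk.
                findings.append((no, "plaintext password" + (" in comment" if commented else "")))
            elif not commented and words[words.index("ENCRYPTKEY") + 1:][:1] == ["DEFAULT"]:
                findings.append((no, "password encrypted with DEFAULT key"))
        elif commented:
            continue
        elif kw == "ENCRYPTTRAIL":
            trail_encrypted = True
        elif kw == "NOENCRYPTTRAIL":
            trail_encrypted = False
        elif kw in ("EXTTRAIL", "RMTTRAIL") and not trail_encrypted:
            findings.append((no, kw + " without preceding ENCRYPTTRAIL"))
        elif kw == "RMTHOST" and "ENCRYPT" not in words:
            findings.append((no, "RMTHOST without ENCRYPT"))
    return findings

if __name__ == "__main__":
    for no, msg in audit_prm(SAMPLE_PRM):
        print(f"line {no}: {msg}")
```

A parameter file laid out like the data pump example above (DECRYPTTRAIL, RMTHOST with ENCRYPT, then ENCRYPTTRAIL before RMTTRAIL) produces no findings.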