oracle 11g Dataguard 之 Remote_Transport_user
1)背景:
當(dāng)配置Dataguard SYS密碼會(huì)一直變化的時(shí)候如何保證Dataguard主庫(kù)到備庫(kù)的日志傳輸和通信?
因?yàn)橛行┙鹑诠镜腟ecurity 要求比較高,對(duì)數(shù)據(jù)庫(kù)用戶的密碼權(quán)限回收,若果在配置11g active dataguard如果使用了sys賬號(hào)用作redo傳輸?shù)挠脩?#xff0c;默認(rèn)數(shù)據(jù)庫(kù)的redo transport user 為空表示該用戶為SYS。
如果sys密碼一直在變那會(huì)出現(xiàn)如下錯(cuò)誤:
Error 1017 received logging on to the standby------------------------------------------------------------Check that the primary and standby are using a password fileand remote_login_passwordfile is set to SHARED or EXCLUSIVE, and that the SYS password is same in the password files.????? returning error ORA-16191------------------------------------------------------------FAL[client, ARC0]: Error 16191 connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=hostname)(PORT=1521))(CONNECT_DATA=
(SERVICE_NAME=dg_std)(SERVER=DEDICATED))) for fetching gap sequence
2)解決:
更改redo transport user 為密碼不變用戶(有些公司的賬號(hào)管理對(duì)于密碼保持不變的,需要通過(guò)設(shè)置service id來(lái)實(shí)現(xiàn)密碼固定策略)
3)測(cè)試:
以下Demo只為記錄,轉(zhuǎn)載自網(wǎng)絡(luò),方便大家有個(gè)整體過(guò)程的體驗(yàn)。
1. In this case transport service running on Primary database, Standby database opened Read Only With Apply (Active Data Guard is running).REDO_TRANSPORT_USER parameter is not set on both side.
On primary side:
Alter log of primary database:
On standby side :
Alert log of standby database:
Primary database is in MAXIMUM PERFORMANCE mode ASYNC transport going normally. Now I'm changing SYS password of primary.
Alert log of primary database:
Yes, we are getting error when changed SYS password. I coping primary password for standby with Linux copy command (cp)
Trying again.
SQL> alter system switch logfile;
?? System altered.
SQL> /
? System altered.??
SQL> select max(sequence#) from v$archived_log;
? MAX(SEQUENCE#)
? --------------
????????? 310??
Alert log of primary database:
******************************************************************
LGWR: Setting 'active' archival for destination LOG_ARCHIVE_DEST_2 ******************************************************************
Wed May 01 12:19:06 2013 Archived Log entry 614 added for thread 1 sequence 309 ID 0xf23a6e3f dest 1: LNS: Standby redo logfile selected for thread 1 sequence 310 for destination LOG_ARCHIVE_DEST_2 Wed May 01 12:19:07 2013 ARC3: Standby redo logfile selected for thread 1 sequence 309 for destination LOG_ARCHIVE_DEST_2 Thread 1 cannot allocate new log, sequence 311 Checkpoint not complete Current log# 1 seq# 310 mem# 0: /u01/app/oracle/oradata/admdb/redo01.log Thread 1 advanced to log sequence 311 (LGWR switch) Current log# 2 seq# 311 mem# 0: /u01/app/oracle/oradata/admdb/redo02.log
On Standby:
SQL> select max(sequence#) from v$archived_log;
? MAX(SEQUENCE#)
? --------------
?????? 310
Alert log of standby database:
Transport continue normally after copy password file of primary database to standby side.
2. In this case I create a user and granting SYSOPER and setting REDO_TRANSPORT_USER to this user.
On primary side :
SQL> create user RTU identified by rtu; User created.?
SQL> grant SYSOPER to RTU;
Grant succeeded.
SQL> select * from v$PWFILE_USERS;
USERNAME SYSDB SYSOP SYSAS
------------------------------ ----- ----- -----
SYS TRUE TRUE FALSE RTU FALSE TRUE FALSE
SQL> alter system set REDO_TRANSPORT_USER='RTU';
System altered.
SQL> show parameter REDO_TRANSPORT_USER NAME TYPE VALUE
------------------ --------- ---------------
redo_transport_user string RTU
Alert log of primary database:
On Standby side :
SQL> select username from all_users??where username ='RTU';
USERNAME
------------------------------
RTU
SQL> select * from v$pwfile_users;
USERNAME SYSDB SYSOP SYSAS
------------------------------ ----- ----- -----
SYS TRUE TRUE FALSE
SQL> grant SYSOPER to RTU;
Grant succeeded.
SQL> alter system set REDO_TRANSPORT_USER=RTU;
System altered.
Now we can check, transport process.
On primary:
SQL> alter system switch logfile;
System altered.
?SQL> select max(sequence#) from v$archived_log;
MAX(SEQUENCE#)
--------------
??? 314
On standby side :
SQL> select max(sequence#) from v$archived_log;
MAX(SEQUENCE#)
--------------
??? 314
Redo transport service using RTU user for transport redo from primary to standby database. I changing
SYS user password on primary again.
SQL> alter user sys identified by SYSPass2;
User altered.
On primary :
SQL> alter system switch logfile; System altered.
SQL> select max(sequence#) from v$archived_log;
MAX(SEQUENCE#)
--------------
??? 315
On Standby side :
SQL> select max(sequence#) from v$archived_log;
MAX(SEQUENCE#)
--------------
??? 315
It means transport is not stopped. If we change RTU user’s password then Redo Transport will stop, Because RTU user is privileged SYSOPER and this password change must be on password file. It means, if we change RTU user’s password we must copy password file from primary to standby side, again.ConclusionPassword files must be same for Data Guard Configuration databases. In a Data Guard configuration, all physical and snapshot standby databases must use a copy of the password file from the primary database, and that copy must be refreshed whenever the SYSOPER or SYSDBA privilege is granted or revoked, and after the password of any user with these privileges is changed.
Regards
Mahir M. Quluzade
總結(jié)
以上是生活随笔為你收集整理的oracle 11g Dataguard 之 Remote_Transport_user的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: dayday60-120
- 下一篇: C语言比较两个数的大小,输出较大的数