Chatta subito con l'assistenza
Chat con il supporto

SharePlex 11.2 - Reference Guide

About this guide Conventions used in this guide Revision History SharePlex Commands for Oracle SharePlex Commands for PostgreSQL SharePlex parameters General SharePlex utilities Oracle Cloud Infrastructure SharePlex environment variables

sp_wallet utility

SP_wallet

Description

Use the sp_wallet utility to provide the Oracle Wallet password to SharePlex. SharePlex uses the wallet password to access the TDE primary Encryption Key. SharePlex uses the TDE primary Encryption Key to decrypt TDE-protected data in the redo log that must be replicated.

Grant read permission on the Oracle Wallet file to the dba group before using sp_wallet.

Supported databases

Oracle on Unix and Linux

Run sp_wallet

To run sp_wallet and manually supply the password:

  1. On the source system, start SharePlex from the SharePlex product directory. You are prompted to run sp_wallet.

    *** To enable TDE replication, run sp_wallet and provide the wallet password ***

  2. Run sp_wallet.

    ./sp_wallet [-r port_number]

    ./sp_wallet -r 9400

    wallet password: walletpw

    Wallet loaded into SharePlex

To run sp_wallet in auto-open mode:

If you are using an auto-open wallet, you can configure SharePlex to open the TDE wallet automatically. This eliminates the need to run sp_wallet manually at SharePlex startup. The syntax is:

./sp_wallet --auto-open [-r port_number]

Important! Using the auto-open wallet feature has additional security considerations. See the Oracle documentation for more information. In addition, do not back up the SharePlex variable-data directory together with the Oracle wallet and the Oracle data files.

To cancel auto-open mode:

./sp_wallet --no-auto-open [-r port_number]

To change the TDE primary encryption key:

If you need to change the TDE primary Encryption Key while a SharePlex configuration is active, take the following steps to ensure that SharePlex continues to replicate the TDE-protected data after the changes.

  1. Quiesce the source database.
  2. Make sure that Capture finishes processing the remaining data in the redo log.
  3. Shut down SharePlex.
  4. Change the TDE primary Encryption Key.
  5. Restart SharePlex.
  6. Run the sp_wallet utility to provide SharePlex with the new TDE primary Encryption Key.

    ./sp_wallet [-r port_number]

sp_security

Description

Use the sp_security utility to enable, disable or view the SSL/TLS settings for SharePlex network communication.

Enable SSL/TLS

IMPORTANT! SSL/TLS must be either enabled with a common network password or disabled on all SharePlex installations.

To enable SSL/TLS:

Run sp_security --setup, select the SSL/TLS option, and then enter a network password.

% sp_security --setup Security Setup Wizard --------------------- This wizard will walk you through setting up the SharePlex network security. Setup configuration for '/home/shareplex/var110/' and Port 2100 [N]: Y Choose your network security model. Please note the following: * Cop must be down when the security model is changed, or when the network password is changed * The same model must be used among all SharePlex nodes replicating to each other * For security model [1], the same network password must be set on all SharePlex nodes replicating to each other [1] Use basic SSL/TLS connections [2] Use non-SSL/TLS connections (default prior to SharePlex 9.1.3) Security model: 1 Please enter a network password that will be used for authentication among the SharePlex nodes. All SharePlex nodes that replicate data to each other must have the same network password. Network password: Please re-enter the network password Network password: Security settings: Configuration for '/home/shareplex/var110/' and Port 2100: Security model : SSL/TLS Network password : stored for unattended startup SSL key file password : stored for unattended startup SSL key file : key.pem SSL cert file : cert.pem Setup complete!

Disable SSL/TLS

IMPORTANT! SSL/TLS must be either enabled with a common network password or disabled on all SharePlex installations.

To disable SSL/TLS:

Run “sp_security --setup” and select non-SSL/TLS connections.

% sp_security --setup Security Setup Wizard --------------------- This wizard will walk you through setting up the SharePlex network security. Setup configuration for '/home/shareplex/var110/' and Port 2100 [N]: Y Choose your network security model. Please note the following: * Cop must be down when the security model is changed, or when the network password is changed * The same model must be used among all SharePlex nodes replicating to each other * For security model [1], the same network password must be set on all SharePlex nodes replicating to each other [1] Use basic SSL/TLS connections [2] Use non-SSL/TLS connections (default prior to SharePlex 9.1.3) Security model: 2 Security settings: Configuration for '/home/shareplex/var110/' and Port 2100: Security model : Un-encrypted Setup complete!

View current SSL/TLS configuration

To view the current SSL/TLS configuration:

Run “sp_security --show”.

% sp_security --show Security settings: Configuration for '/home/shareplex/var110/' and Port 210: Security model : Un-encrypted

Trigger Scripts

Description

SharePlex provides three interactive scripts that you can run in SQL*Plus to manage triggers so that they do not interfere with replication. Review the following points before you run the scripts.

  • To run the trigger scripts, you must have access to both the SYS and DBA objects. If the SharePlex database account was set up properly during installation, that account has this access.

  • After applying an Oracle patch (which sometimes creates or modifies triggers), re-run sp_add_trigger.sql on the target system if triggers are not disabled.
  • The scripts reside in the util sub-directory of the SharePlex product directory.

  • The SharePlex trigger scripts support row-level triggers only. Statement-level triggers must be disabled/enabled for the SharePlex user separately.
  • Triggers that modify data in tables NOT being replicated and do not affect tables in the replication configuration can fire on the target system without special treatment. However, the scripts operate on all objects in the Oracle or PostgreSQL instance, whether or not they are part of replication.
  • SharePlex provides other interactive scripts for managing triggers.
  • The scripts must be run for target objects. Do not run them on the source objects unless you are using peer-to-peer replication.
  • The scripts should not be used if source and target objects are both on the same machine. In this configuration, the user can disable triggers on target objects.

Supported databases

Oracle and supported platforms

sp_add_trigger.sql

Use sp_add_trigger.sql when you cannot disable triggers on target objects, such as for peer-to-peer and high-availability configurations. This script changes the triggers so that they ignore the SharePlex Oracle user associated with the Post process, but fire for all other users. It inserts the following WHEN clause into each trigger in the database.

when user != ‘SharePlex_username’ begin

The script prompts for the SharePlex user name, and then it modifies the triggers. It does not modify triggers belonging to SYS, SYSTEM, and SCOTT.

Syntax

@absolute_pathname/sp_add_trigger.sql

sp_change_trigger.sql

Use sp_change_trigger.sql to replace the name of the SharePlex user in the WHEN clause that was created with sp_add_trigger.sql. It prompts for the current SharePlex user name and for the new user name. Change the SharePlex user in Oracle before you run this script.

Syntax

@absolute_pathname/sp_change_trigger.sql

sp_remove_trigger.sql

Use sp_remove_trigger.sql to remove the WHEN clause created with sp_add_trigger.sql. It prompts for the SharePlex user name and then automatically removes the WHEN clause from all of the triggers. Use this script if you no longer will be replicating to those tables. If you continue to use SharePlex to replicate to those tables without disabling the triggers, the triggers will fire when SharePlex posts data, and SharePlex will generate out-of-sync errors.

Syntax

@absolute_pathname/sp_remove_trigger.sql

Trigger Scripts for PostgreSQL

Trigger Scripts for PostgreSQL

Description

SharePlex provides three interactive scripts, that you can run in SQL*Plus to manage triggers so that they do not interfere with replication.

Review the following points before you run the scripts:

  • To run the trigger scripts, you must have access to both the SYS and DBA objects. If the SharePlex database account was set up properly during installation, that account has this access.

  • After applying a PostgreSQL patch (which sometimes creates or modifies triggers), re-run sp_pg_add_trigger.sql on the target system if triggers are not disabled.
  • The scripts reside in the util sub-directory of the SharePlex product directory.

  • The SharePlex trigger scripts support row-level triggers only. Statement-level triggers must be disabled/enabled for the SharePlex user separately.
  • Triggers that modify data in tables NOT being replicated and do not affect tables in the replication configuration can fire on the target system without special treatment. However, the scripts operate on all objects in the PostgreSQL instance, whether or not they are part of replication.
  • SharePlex provides other interactive scripts for managing triggers.
  • The scripts must be run for target objects. Do not run them on the source objects unless you are using peer-to-peer replication.
  • The scripts should not be used if source and target objects are both on the same machine. In this configuration, the user can disable triggers on target objects.

Limitation: As the PostgreSQL database has a one-to-many relationship between users and schemas, i.e., one user and many schemas, these scripts will take the user as input and enable or disable all triggers under that user's database.

Supported databases

PostgreSQL on supported platforms

sp_pg_add_trigger.sql

Use sp_pg_add_trigger.sql when you cannot disable triggers on target objects, such as for peer-to-peer and high-availability configurations. This script changes the triggers so that they ignore the SharePlex PostgreSQL user associated with the Post process, but fire for all other users. It inserts the following WHEN clause into each trigger in the database.

when user != ‘SharePlex_username’ EXECUTE { FUNCTION | PROCEDURE } function_name ( arguments )

The script prompts for the SharePlex user name, and then it modifies the triggers. It does not modify triggers belonging to SYS, SYSTEM, and SCOTT.

Syntax

\i absolute_pathname/sp_pg_add_trigger.sql

sp_pg_change_trigger.sql

Use sp_pg_change_trigger.sql to replace the name of the SharePlex user in the WHEN clause that was created with sp_pg_create_trigger.sql. It prompts for the current SharePlex user name and for the new user name. Change the SharePlex user in PostgreSQL before you run this script.

Syntax

\i absolute_pathname/sp_pg_change_trigger.sql

sp_pg_remove_trigger.sql

Use sp_pg_remove_trigger.sql to remove the WHEN clause created with sp_pg_create_trigger.sql. It prompts for the SharePlex user name and then automatically removes the WHEN clause from all of the triggers. Use this script if you no longer will be replicating to those tables. If you continue to use SharePlex to replicate to those tables without disabling the triggers, the triggers will fire when SharePlex posts data, and SharePlex will generate out-of-sync errors.

Syntax

\i absolute_pathname/sp_pg_remove_trigger.sql

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione