sp-bininfo
Description
Use the sp-bininfo utility to verify that a new release of SharePlex includes past one-off builds of SharePlex that you received from Support between GA releases.
The output shows the following for each one-off that is installed for your current version of SharePlex:
- SharePlex module, such as Capture (sp_ocap) or Post (sp_opst or sp_xpst)
- SharePlex version and build number
- Database and platform
- Change Request (CR) number(s). This is a unique internal change tracking number that is assigned to your case at the time your one-off request enters the development process.
- The SharePlex libraries that were updated in the one-off
Figure 1: Sample sp-bininfo output
(6) sp_ocap:
build 171 of SharePlex_Oracle (ONEOFF-CR123456-CR654321-CR789102-oracle110) 8.6.3 for rh-40-amd64 by jdoe
SharePlex shared lib(s):
libspwildcard.so.8.6.3.47
libsporacle.so.8.6.3.47
libsporalog.so.8.6.3.47
libspshareplex.so.8.6.3.47
libspspo.uname.so.8.6.3.47
libspdb.so.8.6.3.47
libspodb.so.8.6.3.47
libspspo.typecheck.so.8.6.3.47
libspcore.so.8.6.3.47
libspext.so.8.6.3.47
libspspo.memory.impl.so.8.6.3.47
libspspo.memory.stub.so.8.6.3.47
libspspo.shim.so.8.6.3.47
libspspymdb.so.8.6.3.47
Supported databases
Not applicable
Supported platforms
Linux and Unix
Run sp-bininfo
Perform the follwing steps to run sp-bininfo:
-
Run the sp-bininfo utility from the util subdirectory of the product directory of your current SharePlex installation.
$ cd path_to_SharePlex_proddir/util
$ ./sp-bininfo
- Compare the CRs of each one-off shown in the sp-bininfo output with the CRs in the Resolved Issues section of the Release Notes that are included with the new SharePlexversion.
- If any CRs of your one-offs are not shown in the Resolved Issues, the new version does not include that functionality, and you should not proceed with the upgrade. Contact SharePlex support to obtain the missing fixes.
sp_wallet utility
SP_wallet
Description
Use the sp_wallet utility to provide the Oracle Wallet password to SharePlex. SharePlex uses the wallet password to access the TDE primary Encryption Key. SharePlex uses the TDE primary Encryption Key to decrypt TDE-protected data in the redo log that must be replicated.
Grant read permission on the Oracle Wallet file to the dba group before using sp_wallet.
Supported databases
Oracle on Unix, Linux, and Windows
Run sp_wallet
To run sp_wallet and manually supply the password:
-
On the source system, start SharePlex from the SharePlex product directory. You are prompted to run sp_wallet.
*** To enable TDE replication, run sp_wallet and provide the wallet password ***
-
Run sp_wallet.
./sp_wallet [-r port_number]
IMPORTANT! On Windows, if you installed SharePlex on any port other than the default of 2100, use the -r option to specify the port number. For example, in the following command the port number is 9400:
./sp_wallet -r 9400
wallet password: walletpw
Wallet loaded into SharePlex
To run sp_wallet in auto-open mode:
If you are using an auto-open wallet, you can configure SharePlex to open the TDE wallet automatically. This eliminates the need to run sp_wallet manually at SharePlex startup. The syntax is:
./sp_wallet --auto-open [-r port_number]
Important! Using the auto-open wallet feature has additional security considerations. See the Oracle documentation for more information. In addition, do not back up the SharePlex variable-data directory together with the Oracle wallet and the Oracle data files.
To cancel auto-open mode:
./sp_wallet --no-auto-open [-r port_number]
To change the TDE primary encryption key:
If you need to change the TDE primary Encryption Key while a SharePlex configuration is active, take the following steps to ensure that SharePlex continues to replicate the TDE-protected data after the changes.
- Quiesce the source database.
- Make sure that Capture finishes processing the remaining data in the redo log.
- Shut down SharePlex.
- Change the TDE primary Encryption Key.
- Restart SharePlex.
-
Run the sp_wallet utility to provide SharePlex with the new TDE primary Encryption Key.
./sp_wallet [-r port_number]
sp_hsm
sp_hsm
Description
Use the sp_hsm utility to provide the Oracle Wallet password to SharePlex that is stored at external storage (HSM). SharePlex uses the wallet password to access the TDE primary Encryption Key. SharePlex uses the TDE primary Encryption Key to decrypt TDE protected data in the redo log that must be replicated.
Grant read permission on the Oracle Wallet file to the dba group before using sp_hsm.
Supported databases
Oracle
Run the sp_hsm Utility
Run the sp_hsm utility:
-
Open command prompt.
-
Enter the Oracle SID or TNS alias if it is an RAC configuration [ORCL1]: ORCL1
-
Ensure the HSM library is set up correctly:
HSM opm_is_hsm_library_setup entered for sid o.ORCL1
HSM opm_is_hsm_library_setup returned true
-
Enter the Slot ID for the HSM on which the Oracle database is configured.
HSM Slot ID [0]: 1
-
Enter the HSM password.
After successfully adding the HSM password to Shareplex, the utility displays the following message:
The HSM password has been successfully added to Shareplex.
Shareplex will automatically connect to HSM upon startup.
The sp_hsm utility will not need to be run again unless you want to change the HSM password.
To change the HSM password, just run sp_hsm and enter the new password.
The old HSM password will replace the existing password.
sp_security
Description
Use the sp_security utility to enable, disable or view the SSL/TLS settings for SharePlex network communication.
Enable SSL/TLS
IMPORTANT! SSL/TLS must be either enabled with a common network password or disabled on all SharePlex installations.
To enable SSL/TLS:
Run sp_security --setup, select the SSL/TLS option, and then enter a network password.
% sp_security --setup
Security Setup Wizard
---------------------
This wizard will walk you through setting up the SharePlex network security.
Setup configuration for '/home/shareplex/var110/' and Port 2100 [N]: Y
Choose your network security model. Please note the following:
* Cop must be down when the security model is changed, or when the network password is changed
* The same model must be used among all SharePlex nodes replicating to each other
* For security model [1], the same network password must be set on all SharePlex nodes replicating to each other
[1] Use basic SSL/TLS connections
[2] Use non-SSL/TLS connections (default prior to SharePlex 9.1.3)
Security model: 1
Please enter a network password that will be used for authentication
among the SharePlex nodes. All SharePlex nodes that replicate data to each
other must have the same network password.
Network password:
Please re-enter the network password
Network password:
Security settings:
Configuration for '/home/shareplex/var110/' and Port 2100:
Security model : SSL/TLS
Network password : stored for unattended startup
SSL key file password : stored for unattended startup
SSL key file : key.pem
SSL cert file : cert.pem
Setup complete!
Disable SSL/TLS
IMPORTANT! SSL/TLS must be either enabled with a common network password or disabled on all SharePlex installations.
To disable SSL/TLS:
Run “sp_security --setup” and select non-SSL/TLS connections.
% sp_security --setup
Security Setup Wizard
---------------------
This wizard will walk you through setting up the SharePlex network security.
Setup configuration for '/home/shareplex/var110/' and Port 2100 [N]: Y
Choose your network security model. Please note the following:
* Cop must be down when the security model is changed, or when the network password is changed
* The same model must be used among all SharePlex nodes replicating to each other
* For security model [1], the same network password must be set on all SharePlex nodes replicating to each other
[1] Use basic SSL/TLS connections
[2] Use non-SSL/TLS connections (default prior to SharePlex 9.1.3)
Security model: 2
Security settings:
Configuration for '/home/shareplex/var110/' and Port 2100:
Security model : Un-encrypted
Setup complete!
View current SSL/TLS configuration
To view the current SSL/TLS configuration:
Run “sp_security --show”.
% sp_security --show
Security settings:
Configuration for '/home/shareplex/var110/' and Port 210:
Security model : Un-encrypted
