show_scn
Use the show_scn utility to view the correct Oracle SCN values to supply with the following commands during a Resume Replication recovery procedure:
- activate config config_name scn=scn_value
- reconcile queue queue_name for datasource-datadest scn scn_value
Supported databases
Oracle source and target
Run show_scn
The show_scn utility is run during the Resume Replication procedure after the source, target or both have failed. To use Resume Replication and the show_scn utility, there must be the following in place at the onset of replication:
- A disaster recovery (DR) solution that provides a physically identical copy of the production source instance and another physical copy of the production target instance. Methods such as Oracle Data Guard or disk mirroring, tape backups and other methods support this requirement.
- The SP_OPO_UPDATE_SCN parameter must be set to a value of 1. This parameter directs SharePlex to keep a record of the SCNs of the transactions that it processes. When you set this parameter to 1, it also disables the Post Enhanced Performance feature.
IMPORTANT: For more information about how to use show_scn in context, see "Resume replication after failure and recovery" in the SharePlex Administration Guide.
To run show_scn
From the command line of the target system, run the show_scn utility from the bin subdirectory of the SharePlex product directory. For datasource, use the ORACLE_SID of the source database.
$ /productdir/bin/show_scn datasource
Output
The utility provides output similar to the following:
$> show_scn o.ora112
On source activate to scn=510012416
For resume replication from ora112
reconcile queue sp01 for o.ora112-o.ora112 scn 4517993781
reconcile queue sp02 for o.ora112-o.ora112 scn 4517994532
reconcile queue sp03 for o.ora112-o.ora112 scn 4517995633
sp_wallet utility
Description
Use the sp_wallet utility to provide the Oracle Wallet password to SharePlex. SharePlex uses the wallet password to access the TDE primary Encryption Key. SharePlex uses the TDE primary Encryption Key to decrypt TDE-protected data in the redo log that must be replicated.
Grant read permission on the Oracle Wallet file to the dba group before using sp_wallet.
Supported databases
Oracle on Windows
Run sp_wallet
To run sp_wallet and manually supply the password
-
On the source system, start SharePlex from the SharePlex product directory. You are prompted to run sp_wallet.
*** To enable TDE replication, run sp_wallet and provide the wallet password ***
-
Run sp_wallet.
./sp_wallet [-r port_number]
Important! On Windows, if you installed SharePlex on any port other than the default of 2100, use the -r option to specify the port number. For example, in the following command the port number is 9400:
./sp_wallet -r 9400
wallet password: walletpw
Wallet loaded into SharePlex
To run sp_wallet in auto-open mode
If you are using an auto-open wallet, you can configure SharePlex to open the TDE wallet automatically. This eliminates the need to run sp_wallet manually at SharePlex startup. The syntax is:
./sp_wallet --auto-open [-r port_number]
Important! Using the auto-open wallet feature has additional security considerations. See the Oracle documentation for more information. In addition, do not back up the SharePlex variable-data directory together with the Oracle wallet and the Oracle data files.
To cancel auto-open mode
./sp_wallet --no-auto-open [-r port_number]
To change the TDE primary encryption key
If you need to change the TDE primary Encryption Key while a SharePlex configuration is active, take the following steps to ensure that SharePlex continues to replicate the TDE-protected data after the changes.
- Quiesce the source database.
- Make sure that Capture finishes processing the remaining data in the redo log.
- Shut down SharePlex.
- Change the TDE primary Encryption Key.
- Restart SharePlex.
-
Run the sp_wallet utility to provide SharePlex with the new TDE primary Encryption Key.
./sp_wallet [-r port_number]
sp_security
Description
Use the sp_security utility to enable, disable or view the SSL/TLS settings for SharePlex network communication.
Enable SSL/TLS
IMPORTANT! SSL/TLS must be either enabled with a common network password or disabled on all SharePlex installations.
To enable SSL/TLS
Run “sp_security --setup”, select the SSL/TLS option, and then enter a network password.
% sp_security --setup
Security Setup Wizard
---------------------
This wizard will walk you through setting up the SharePlex network security.
Setup configuration for '/home/shareplex/var110/' and Port 2100 [N]: Y
Choose your network security model. Please note the following:
* Cop must be down when the security model is changed, or when the network password is changed
* The same model must be used among all SharePlex nodes replicating to each other
* For security model [1], the same network password must be set on all SharePlex nodes replicating to each other
[1] Use basic SSL/TLS connections
[2] Use non-SSL/TLS connections (default prior to SharePlex 9.1.3)
Security model: 1
Please enter a network password that will be used for authentication
among the SharePlex nodes. All SharePlex nodes that replicate data to each
other must have the same network password.
Network password:
Please re-enter the network password
Network password:
Security settings:
Configuration for '/home/shareplex/var110/' and Port 2100:
Security model : SSL/TLS
Network password : stored for unattended startup
SSL key file password : stored for unattended startup
SSL key file : key.pem
SSL cert file : cert.pem
Setup complete!
Disable SSL/TLS
IMPORTANT! SSL/TLS must be either enabled with a common network password or disabled on all SharePlex installations.
To disable SSL/TLS
Run “sp_security --setup” and select non-SSL/TLS connections.
% sp_security --setup
Security Setup Wizard
---------------------
This wizard will walk you through setting up the SharePlex network security.
Setup configuration for '/home/shareplex/var110/' and Port 2100 [N]: Y
Choose your network security model. Please note the following:
* Cop must be down when the security model is changed, or when the network password is changed
* The same model must be used among all SharePlex nodes replicating to each other
* For security model [1], the same network password must be set on all SharePlex nodes replicating to each other
[1] Use basic SSL/TLS connections
[2] Use non-SSL/TLS connections (default prior to SharePlex 9.1.3)
Security model: 2
Security settings:
Configuration for '/home/shareplex/var110/' and Port 2100:
Security model : Un-encrypted
Setup complete!
View current SSL/TLS configuration
To view the current SSL/TLS configuration
Run “sp_security --show”.
% sp_security --show
Security settings:
Configuration for '/home/shareplex/var110/' and Port 210:
Security model : Un-encrypted
Trigger Scripts
Description
SharePlex provides three interactive scripts that you can run in SQL*Plus to manage triggers so that they do not interfere with replication. Review the following points before you run the scripts.
-
To run the trigger scripts, you must have access to both the SYS and DBA objects. If the SharePlex database account was set up properly during installation, that account has this access.
- After applying an Oracle patch (which sometimes creates or modifies triggers), re-run sp_add_trigger.sql on the target system if triggers are not disabled.
-
The scripts reside in the util sub-directory of the SharePlex product directory.
- The SharePlex trigger scripts support row-level triggers only. Statement-level triggers must be disabled/enabled for the SharePlex user separately.
- Triggers that modify data in tables NOT being replicated and do not affect tables in the replication configuration can fire on the target system without special treatment. However, the scripts operate on all objects in the Oracle instance, whether or not they are part of replication.
- SharePlex provides other interactive scripts for managing triggers.
- The scripts must be run for target objects. Do not run them on the source objects unless you are using peer-to-peer replication.
- The scripts should not be used if source and target objects are both on the same machine. In this configuration, the user can disable triggers on target objects.
Supported databases
Oracle on supported platforms
sp_add_trigger.sql
Use sp_add_trigger.sql when you cannot disable triggers on target objects, such as for peer-to-peer and high-availability configurations. This script changes the triggers so that they ignore the SharePlex Oracle user associated with the Post process, but fire for all other users. It inserts the following WHEN clause into each trigger in the database.
when user != ‘SharePlex_username’ begin
The script prompts for the SharePlex user name, and then it modifies the triggers. It does not modify triggers belonging to SYS, SYSTEM, and SCOTT.
Syntax
@absolute_pathname/sp_add_trigger.sql
sp_change_trigger.sql
Use sp_change_trigger.sql to replace the name of the SharePlex user in the WHEN clause that was created with sp_add_trigger.sql. It prompts for the current SharePlex user name and for the new user name. Change the SharePlex user in Oracle before you run this script.
Syntax
@absolute_pathname/sp_change_trigger.sql
sp_remove_trigger.sql
Use sp_remove_trigger.sql to remove the WHEN clause created with sp_add_trigger.sql. It prompts for the SharePlex user name and then automatically removes the WHEN clause from all of the triggers. Use this script if you no longer will be replicating to those tables. If you continue to use SharePlex to replicate to those tables without disabling the triggers, the triggers will fire when SharePlex posts data, and SharePlex will generate out-of-sync errors.
Syntax
@absolute_pathname/sp_remove_trigger.sql
