12.2 中的Data Guard Standby 密码文件自动同步 (Doc ID 2307365.1)

时间:2021-09-21 06:00:34

Data Guard Standby Automatic Password file Synchronization in 12.2 (Doc ID 2307365.1)

APPLIES TO:

Oracle Database - Enterprise Edition - Version 12.2.0.1 and later
Oracle Database Cloud Schema Service - Version N/A and later
Oracle Database Exadata Cloud Machine - Version N/A and later
Oracle Cloud Infrastructure - Database Service - Version N/A and later
Oracle Database Cloud Exadata Service - Version N/A and later
Information in this document applies to any platform.

GOAL

Automatic Password file synchronization in 12.2 Dataguard Standby database  12.2 Dataguard Standby数据库中的密码文件自动同步

SOLUTION

When password file is used for Redo Transport Authentication, the password of redo transport user should be same across primary and all its physical and snapshot standby databases. By default SYS user is used to authenticate redo transport sessions when password file is used. 

当密码文件用于Redo传输身份验证时,Redo传输用户的密码在主数据库及其所有物理和快照备用数据库之间应该相同。默认情况下,使用密码文件时,SYS用户用于验证Redo传输会话

Till 12cR1 Dataguard setup, if there is a change in password file of Primary database like Changes in password or Changes in admin privileges, then the password file needs to be copied from Primary database to standby database server and rename it according to standby database Instance name. If the password file of Primary and Standby databases are not same, then errors will be seen.

直到12cR1 Dataguard 设置,如果主数据库的密码文件发生了更改(如“密码更改”或“管理员权限”更改),则需要将密码文件从主数据库复制到备用数据库服务器,并根据备用数据库实例名称重命名。如果主数据库和备用数据库的密码文件不同,则会看到错误

In 12cR2, the password file of standby database gets synchronized automatically when there is a change in Primary database password file. The password file change of Primary will be included in Redo and when the Redo is applied to standby, the synchronization happens in the background.

在12cR2中,当主数据库密码文件发生更改时,备用数据库的密码文件将自动同步。主库密码文件更改将包含在Redo中,并且当Redo应用于备用时,同步将在后台进行

Exception: Far-sync Instances (where the redo will not be applied). We need to manually copy the password file. Once the password file is sync at Far-Sync instance, the redo having password file information will get transmitted to standby which are suppose to receive from Far-sync instance.

例外:Far-sync实例(将不应用redo)。我们需要手动复制密码文件。一旦在Far-Sync实例上同步了密码文件,则具有密码文件信息的redo将被传输到备用数据库,该数据库应从Far-sync实例接收。

Example:

PRIMARY>select username, sysdba, sysoper, sysasm,sysbackup,authentication_type AT from v$pwfile_users;

USERNAME             SYSDB SYSOP SYSAS SYSBA AT
-------------------- ----- ----- ----- ----- --------
SYS                   TRUE  TRUE FALSE FALSE PASSWORD
SYSDG                FALSE FALSE FALSE FALSE PASSWORD
SYSBACKUP            FALSE FALSE FALSE  TRUE PASSWORD
SYSKM                FALSE FALSE FALSE FALSE PASSWORD

STANDBY>select username, sysdba, sysoper, sysasm,sysbackup,authentication_type AT from v$pwfile_users;

USERNAME   SYSDB SYSOP SYSAS SYSBA AT
---------- ----- ----- ----- ----- --------
SYS         TRUE  TRUE FALSE FALSE PASSWORD
SYSDG      FALSE FALSE FALSE FALSE PASSWORD
SYSBACKUP  FALSE FALSE FALSE  TRUE PASSWORD
SYSKM      FALSE FALSE FALSE FALSE PASSWORD

Let‘s grant a role to a user at Primary database which will make changes in Password file  让我们向Primary数据库中的用户授予一个角色,该角色将在Password文件中进行更改

PRIMARY>Grant SYSOPER to user1;

Grant succeeded.

PRIMARY>select username, sysdba, sysoper, sysasm,sysbackup,authentication_type AT from v$pwfile_users;

USERNAME             SYSDB SYSOP SYSAS SYSBA AT
-------------------- ----- ----- ----- ----- --------
SYS                   TRUE  TRUE FALSE FALSE PASSWORD
SYSDG                FALSE FALSE FALSE FALSE PASSWORD
SYSBACKUP            FALSE FALSE FALSE  TRUE PASSWORD
SYSKM                FALSE FALSE FALSE FALSE PASSWORD
USER1                FALSE  TRUE FALSE FALSE PASSWORD

Password file of Primary database:

-rw-r-----. 1 oracle oinstall 4096 /u01/app/oracle/product/12.2.0/dbhome_1/dbs/orapwprimdb

Switch the logfile, so that the Redo reach its standby databases  切换日志文件,以便Redo到达其备用数据库

PRIMARY>alter system switch logfile;

System altered.

At standby Media recovery is not active. Verify v$pwfile_users for the granted role   在待机状态下,介质恢复未激活。验证v$pwfile_users是否已授予角色 

STANDBY>select username, sysdba, sysoper, sysasm,sysbackup,authentication_type AT from v$pwfile_users;

USERNAME   SYSDB SYSOP SYSAS SYSBA AT
---------- ----- ----- ----- ----- --------
SYS         TRUE  TRUE FALSE FALSE PASSWORD
SYSDG      FALSE FALSE FALSE FALSE PASSWORD
SYSBACKUP  FALSE FALSE FALSE  TRUE PASSWORD
SYSKM      FALSE FALSE FALSE FALSE PASSWORD

Password file of Standby database:

-rw-r-----. 1 oracle oinstall 3584 /u01/app/oracle/product/12.2.0/dbhome_2/dbs/orapwstdbydb

Newly granted role is not reflected in Standby, lets start Media recovery and then query v$pwfile_users.  新授予的角色未反映在Standby中,请启动媒体恢复,然后查询v$pwfile_users。

STANDBY>recover managed standby database disconnect;
Media recovery complete.

STANDBY>select username, sysdba, sysoper, sysasm,sysbackup,authentication_type AT from v$pwfile_users;

USERNAME   SYSDB SYSOP SYSAS SYSBA AT
---------- ----- ----- ----- ----- --------
SYS         TRUE  TRUE FALSE FALSE PASSWORD
SYSDG      FALSE FALSE FALSE FALSE PASSWORD
SYSBACKUP  FALSE FALSE FALSE  TRUE PASSWORD
SYSKM      FALSE FALSE FALSE FALSE PASSWORD
USER1      FALSE  TRUE FALSE FALSE PASSWORD

Password file of standby database:

-rw-r-----. 1 oracle oinstall 4096 /u01/app/oracle/product/12.2.0/dbhome_2/dbs/orapwstdbydb

 We could see after media recovery v$pwfile_users has been updated  我们可以看到媒体恢复后v$pwfile_users已更新