Let us learn Oracle Database Administration skills: August 2023

Monday, August 28, 2023

Oracle Databae Vault impact on GoldenGate replication - DBMS_MACADM.ADD_AUTH_TO_REALM

A quick validation or oracle GoldenGate replication with database vault "ON":

DV activated:
Source & Target:

SQL> select value from v$option where parameter='Oracle Database Vault';
VALUE
----------------------------------------------------------------
TRUE
SQL>

Load data into the source DB:

insert into ggtest1
select (level+2000) eid,mod(level,6) pincode,rpad('X',mod(level,5)) branchcode,lpad('A',mod(level,5))||rpad('B',mod(level,5)) ename
from dual
connect by level <= 1000;

commit;

Actual output:

C:\Users\vagrant>sqlplus encvault_test/encvault_test@ggsrc04t
..

SQL> select table_name from user_tables;
TABLE_NAME
--------------------------------------------------------------------------------
ENCRYPT_TAB1
GGTEST1

SQL> select count(1) from ggtest1;
COUNT(1)
----------
1999

SQL> select max(eid) from ggtest1;
MAX(EID)
----------
2000

SQL> insert into ggtest1
2 select (level+2000) eid,mod(level,6) pincode,rpad('X',mod(level,5)) branchcode,lpad('A',mod(level,5))||rpad('B',mod(level,5)) ename
3 from dual
4 connect by level <= 1000;

1000 rows created.

SQL> commit;
Commit complete.

Kick off the replication which was stopped for db bounce (DV activation):

OGG (http://127.0.0.1:9011 oggdep01 as ggtgt04t@GGTGT04T) 13> start replicat rpt2
2023-08-28T17:01:58Z INFO OGG-00975 Replicat group RPT2 starting.
2023-08-28T17:01:58Z INFO OGG-15445 Replicat group RPT2 started.

OGG (http://127.0.0.1:9011 oggdep01 as ggtgt04t@GGTGT04T) 14> start extract rxt3
2023-08-28T17:02:04Z INFO OGG-00975 Extract group RXT3 starting.
2023-08-28T17:02:04Z INFO OGG-15426 Extract group RXT3 started.

OGG (http://127.0.0.1:9011 oggdep01 as ggtgt04t@GGTGT04T) 15> status extract rxt3
EXTRACT RXT3: RUNNING

OGG (http://127.0.0.1:9011 oggdep01 as ggtgt04t@GGTGT04T) 16> status replicat rpt2
REPLICAT RPT2: RUNNING
OGG (http://127.0.0.1:9011 oggdep01 as ggtgt04t@GGTGT04T) 17>

Validate the target:

SQL> conn encvault_test/encvault_test@192.168.194.11:1521/ggtgt04t
Connected.

SQL> select table_name from user_tables;
TABLE_NAME
--------------------------------------------------------------------------------
ENCRYPT_TAB1
GGTEST1

SQL> select count(1) from GGTEST1;
COUNT(1)
----------
1999

SQL> select max(eid) from ggtest1;
MAX(EID)
----------
2000

>>> replicat stats shows the records were discarded

...
Replicating from ENCVAULT_TEST.GGTEST1 to ENCVAULT_TEST.GGTEST1:
*** Total statistics since 2023-08-28 18:02:03 ***
Total inserts 0.00
Total updates 0.00
Total deletes 0.00
Total upserts 0.00
Total discards 1000.00
Total operations 0.00
*** Daily statistics since 2023-08-28 18:02:03 ***
Total inserts 0.00
Total updates 0.00
Total deletes 0.00
Total upserts 0.00
Total discards 1000.00
Total operations 0.00
*** Hourly statistics since 2023-08-28 18:02:03 ***
Total inserts 0.00
Total updates 0.00
Total deletes 0.00
Total upserts 0.00
Total discards 1000.00
Total operations 0.00
*** Latest statistics since 2023-08-28 18:02:03 ***
Total inserts 0.00
Total updates 0.00
Total deletes 0.00
Total upserts 0.00
Total discards 1000.00
Total operations 0.00
End of statistics.

So let us try add

Example:
EXEC DBMS_MACADM.ADD_AUTH_TO_REALM('realm_name','username');

Actual:

EXEC DBMS_MACADM.ADD_AUTH_TO_REALM('APP schema','GGADMIN_TGT');

before authorization addition:

SQL> select * from DVSYS.DBA_DV_REALM order by 1;
NAME ,DESCRIPTION ,AUDIT_OPTIONS,REALM_TYP,COM,INH,E, ID#,ORA,PL_
--------------------------------------------------------------------------------------------------------------------------------,----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------,-------------,---------,---,---,-,----------,---,---
APP schema ,Protect APP Schema , 1,REGULAR ,NO ,NO ,Y, 5000,NO ,NO
Database Vault Account Management ,Defines the realm for administrators who create and manage database accounts and profiles. , 1,REGULAR ,NO ,NO ,Y, 6,YES,NO
Oracle Database Vault ,Defines the realm for the Oracle Database Vault schemas - DVSYS, DVF and LBACSYS where Database Vault access control configuration and roles are contained. , 1,REGULAR ,NO ,NO ,Y, 2,YES,NO
Oracle Default Component Protection Realm ,Defines the realm to protect default components of the Oracle database. , 1,REGULAR ,NO ,NO ,Y, 10,YES,NO
Oracle Default Schema Protection Realm ,Defines the realm for the Oracle Default schemas. , 1,REGULAR ,NO ,NO ,Y, 8,YES,NO
Oracle Enterprise Manager ,Defines the Enterprise Manager monitoring and management realm. , 1,REGULAR ,NO ,NO ,Y, 7,YES,NO
Oracle System Privilege and Role Management Realm ,Defines the realm to control granting of system privileges and database administrator roles. , 1,REGULAR ,NO ,NO ,Y, 9,YES,NO
7 rows selected.

SQL> select * from DVSYS.DBA_DV_REALM_AUTH order by 1,4,2;
REALM_NAME ,COM,INH,GRANTEE ,AUTH_RULE_SET_NAME ,AUTH_OPTIONS ,COM,INH
--------------------------------------------------,---,---,--------------------,------------------------------,------------------------------,---,---
Database Vault Account Management ,NO ,NO ,DV_ACCTMGR , ,Owner ,NO ,NO
Oracle Database Vault ,NO ,NO ,DVSYS , ,Owner ,NO ,NO
Oracle Database Vault ,NO ,NO ,DV_ADMIN , ,Participant ,NO ,NO
Oracle Database Vault ,NO ,NO ,DV_OWNER , ,Owner ,NO ,NO
Oracle Database Vault ,NO ,NO ,LBACSYS , ,Owner ,NO ,NO
Oracle Default Component Protection Realm ,NO ,NO ,SYS , ,Owner ,NO ,NO
Oracle Default Component Protection Realm ,NO ,NO ,SYSTEM , ,Owner ,NO ,NO
Oracle Default Schema Protection Realm ,NO ,NO ,SYS , ,Owner ,NO ,NO
Oracle Enterprise Manager ,NO ,NO ,DBSNMP , ,Owner ,NO ,NO
Oracle Enterprise Manager ,NO ,NO ,SYSTEM , ,Owner ,NO ,NO
Oracle System Privilege and Role Management Realm ,NO ,NO ,SYS , ,Owner ,NO ,NO
11 rows selected.

after authorization addition:
SQL> select * from DVSYS.DBA_DV_REALM_AUTH order by 1,4,2;
REALM_NAME ,COM,INH,GRANTEE ,AUTH_RULE_SET_NAME ,AUTH_OPTIONS ,COM,INH
--------------------------------------------------,---,---,--------------------,------------------------------,------------------------------,---,---
APP schema ,NO ,NO ,GGADMIN_TGT , ,Participant ,NO ,NO << GGADMIN_TGT is authorized now.
Database Vault Account Management ,NO ,NO ,DV_ACCTMGR , ,Owner ,NO ,NO
Oracle Database Vault ,NO ,NO ,DVSYS , ,Owner ,NO ,NO
Oracle Database Vault ,NO ,NO ,DV_ADMIN , ,Participant ,NO ,NO
Oracle Database Vault ,NO ,NO ,DV_OWNER , ,Owner ,NO ,NO
Oracle Database Vault ,NO ,NO ,LBACSYS , ,Owner ,NO ,NO
Oracle Default Component Protection Realm ,NO ,NO ,SYS , ,Owner ,NO ,NO
Oracle Default Component Protection Realm ,NO ,NO ,SYSTEM , ,Owner ,NO ,NO
Oracle Default Schema Protection Realm ,NO ,NO ,SYS , ,Owner ,NO ,NO
Oracle Enterprise Manager ,NO ,NO ,DBSNMP , ,Owner ,NO ,NO
Oracle Enterprise Manager ,NO ,NO ,SYSTEM , ,Owner ,NO ,NO
Oracle System Privilege and Role Management Realm ,NO ,NO ,SYS , ,Owner ,NO ,NO
12 rows selected.

Now Replication:

Source data load:

SQL> conn encvault_test/encvault_test@ggsrc04t
Connected.

SQL> select max(eid) from ggtest1;
MAX(EID)
----------
3000
SQL> insert into ggtest1
2 select (level+3000) eid,mod(level,6) pincode,rpad('X',mod(level,5)) branchcode,lpad('A',mod(level,5))||rpad('B',mod(level,5)) ename
3 from dual
4 connect by level <= 1000;
1000 rows created.

SQL> commit;
Commit complete.

SQL> select count(1) from ggtest1;
COUNT(1)
----------
3999
SQL> select max(eid) from ggtest1;
MAX(EID)
----------
4000
SQL>
SQL> disc

Target Side:

SQL> conn encvault_test/encvault_test@192.168.194.11:1521/ggtgt04t
Connected.

SQL> select max(eid) from ggtest1;
MAX(EID)
----------
4000 <<< the last 1000 records (the records that were added after authorization) flew without issues

SQL> select count(1) from ggtest1;
COUNT(1)
----------
2999 <<< from 1999 it came to 2999

This closes this quick blog. So it is better to realm autorization before starting the replication.

YouTube which pushed me to create this blog:

Thanks

Oracle GoldenGate Replication Troubleshooting using GoldenGate logdump utility - Microservice Architecture

Oracle Golden Gate 21.3 - Usage of logdump to find the rba corresponding to a csn

Usage notes:
GoldenGate's logdump is a utility used to troubleshoot oracle golden gate replication issues with conflict transaction, unsupported operation etc...

Scenario in our case: In our case, we are going to use this to workaroud a bug 33701569

Our situation:

Replication is reluctant to start here...

OGG (http://127.0.0.1:9011 oggdep01 as ggtgt04t@GGTGT04T) 5> start replicat rpt2;
2023-08-26T21:47:25Z ERROR OGG-12111 JSON element '/' does not match any schemas

========
Replicat info output:

OGG (http://127.0.0.1:9011 oggdep01 as ggtgt04t@GGTGT04T) 4> info replicat rpt2 detail
Replicat RPT2 Initialized 2023-08-26 22:41 Status STOPPED
Parallel
Checkpoint Lag 00:00:00 (updated 00:03:56 ago)
Log Read Checkpoint File src/r3000000000
First Record RBA 0
Encryption Profile LocalWallet
Current Log BSN value: (no data)

Low Watermark CSN value: (no data)

High Watermark CSN value: (no data)

Current directory /
Report file /oggdata/oggdep01/var/lib/report/RPT2.rpt (does not yet exist)
Parameter file /oggdata/oggdep01/etc/conf/ogg/rpt2.prm
Checkpoint file /oggdata/oggdep01/var/lib/checkpt/RPT2.cpr
Checkpoint table ggadmin_tgt.ggs_checkpoint
Process file /oggdata/oggdep01/var/run/RPT2.pcr
Error log /oggdata/oggdep01/var/log/ggserr.log
========

The replicat isnt able to navigate through the extract file, is stuck @ rba 0 with extractfile seq 0.
No error message in file /oggdata/oggdep01/var/log/ggserr.log as well.
So now we need to navigate manually through the extract.

As part of the replication setup..

1. I enabled extract, extract was running.
2. RMAN backup was secured and restored in target using a scn 459732

[This scn translates to "Incomplete Recovery applied until change 459732 time 08/26/2023 17:48:09" from GGTGT04T alert log when recovery finished]

Steps:
1. Launch logdump from ${GG_HOME} and turn on necessary env settings

FILEHEADER DETAIL
GHDR ON
DETAIL ON
USERTOKEN DETAIL
RECLEN 128

Actual output:

[oracle@vcentos79-oracle-sa1 ~]$ logdump
Oracle GoldenGate Log File Dump Utility for Oracle
Version 21.3.0.0.0 OGGCORE_21.3.0.0.0_PLATFORMS_210728.1047
Copyright (C) 1995, 2021, Oracle and/or its affiliates. All rights reserved.

Logdump 73 >FILEHEADER DETAIL
GHDR ON
DETAIL ON
USERTOKEN DETAIL
RECLEN 128Logdump 74 >Logdump 75 >Logdump 76 >Logdump 77 >
Record length set to 128
Logdump 78 >

2. Open the necessary trail file

open /oggdata/oggdep01/var/lib/data/src/r3000000000
open /oggdata/oggdep01/var/lib/data/src/r3000000001

Actual output - follow next step for iteration through file.

tail file info:
[oracle@vcentos79-oracle-sa1 src]$ ls -altr
total 1280
drwxr-x---. 3 oracle oinstall 17 Jun 18 20:22 ..
-rw-r-----. 1 oracle oinstall 1329 Jun 18 21:26 es000000000
-rw-r-----. 1 oracle oinstall 2450 Jun 21 07:21 es000000001
-rw-r-----. 1 oracle oinstall 7202 Jun 25 17:06 es000000002
-rw-r-----. 1 oracle oinstall 1388 Jul 1 14:28 es000000003
-rw-r-----. 1 oracle oinstall 31225 Jul 1 16:31 es000000004
-rw-r-----. 1 oracle oinstall 51294 Aug 12 11:36 r2000000000
-rw-r-----. 1 oracle oinstall 11367 Aug 12 11:44 r2000000001
-rw-r-----. 1 oracle oinstall 13527 Aug 12 11:48 r2000000002
-rw-r-----. 1 oracle oinstall 7043 Aug 12 12:02 r2000000003
-rw-r-----. 1 oracle oinstall 20012 Aug 12 12:08 r2000000004
-rw-r-----. 1 oracle oinstall 690186 Aug 12 22:37 r2000000005
-rw-r-----. 1 oracle oinstall 71518 Aug 26 21:59 r3000000000 << file 0
drwxr-x---. 2 oracle oinstall 253 Aug 26 21:59 .
-rw-r-----. 1 oracle oinstall 380345 Aug 26 23:07 r3000000001 << file 1

[oracle@vcentos79-oracle-sa1 src]$ pwd
/oggdata/oggdep01/var/lib/data/src

[oracle@vcentos79-oracle-sa1 src]$ stat r3000000000
File: ‘r3000000000’
Size: 71518 Blocks: 144 IO Block: 4096 regular file
Device: fd08h/64776d Inode: 524396 Links: 1
Access: (0640/-rw-r-----) Uid: (54321/ oracle) Gid: (54321/oinstall)
Context: system_u:object_r:unlabeled_t:s0
Access: 2023-08-27 10:51:35.847861771 +0100
Modify: 2023-08-26 21:59:20.180867510 +0100
Change: 2023-08-26 21:59:20.180867510 +0100
Birth: -
[oracle@vcentos79-oracle-sa1 src]$

3. Set position in trailfile to 0 and perform filter on the csn

pos 0
filter include csn > 459732
show filter
next

Actual output:

Logdump 78 >open /oggdata/oggdep01/var/lib/data/src/r3000000000
Current log trail file is /oggdata/oggdep01/var/lib/data/src/r3000000000.

Logdump 79 >pos 0
Reading forward from RBA 0

Logdump 80 >filter include csn > 459732

Logdump 81 >show filter
Data filters are ENABLED
Include match any

GGSTOKEN LOGCSN > 459732
Exclude match any

Logdump 82 >next
Filtering suppressed 66 records <<< all the records are suppressed

Logdump 83 >filter clear

Logdump 84 >show filter
Data filters are ENABLED
Include match any
Exclude match any

Logdump 85 >open /oggdata/oggdep01/var/lib/data/src/r3000000001
Log trail file /oggdata/oggdep01/var/lib/data/src/r3000000000 closed.
Current log trail file is /oggdata/oggdep01/var/lib/data/src/r3000000001.

Logdump 86 >pos 0
Reading forward from RBA 0

Logdump 87 >filter include csn > 459732

Logdump 88 >show filter
Data filters are ENABLED
Include match any
GGSTOKEN LOGCSN > 459732
Exclude match any

Logdump 89 >n
___________________________________________________________________
Hdr-Ind : E (x45) Partition : L (x4c)
UndoFlag : . (x00) BeforeAfter: A (x41)
RecLength : 960 (x03c0) IO Time : 2023/08/26 17:48:28.000.000
IOType : 135 (x87) OrigNode : 255 (xff)
TransInd : . (x03) FormatType : R (x52)
SyskeyLen : 0 (x00) Incomplete : . (x00)
AuditRBA : 14 AuditPos : 258576
Continued : N (x00) RecCount : 1 (x01)
Oracle RBA : 0x00000e.000001f9.0010
2023/08/26 17:48:28.000.000 GGSUnifiedPKUpdate Len 960 RBA 36083
Name: GGADMIN.GG_HEARTBEAT_SEED (TDR Index: 1)
After Image: Partition x4c G s
de01 0000 0000 0c00 0000 0800 4747 5352 4330 3454 | ............GGSRC04T
0100 1f00 0000 3230 3233 2d30 382d 3236 3a31 363a | ......2023-08-26:16:
3437 3a32 382e 3035 3837 3831 3030 3002 0004 00ff | 47:28.058781000.....
ff00 0003 000c 0000 0008 0047 4753 5243 3034 5404 | ...........GGSRC04T.
0004 00ff ff00 0005 0004 00ff ff00 0006 0004 00ff | ....................
ff00 0007 001f 00ff ff00 0000 0000 0000 0000 0000 | ....................
0000 0000 0000 0000 | ........
Before Image Len 482 (x000001e2)
BeforeColumnLen 478 (x000001de)
Column 0 (x0000), Len 12 (x000c)
Column 1 (x0001), Len 31 (x001f)
Column 2 (x0002), Len 4 (x0004)
Column 3 (x0003), Len 12 (x000c)
Column 4 (x0004), Len 4 (x0004)
Column 5 (x0005), Len 4 (x0004)
Column 6 (x0006), Len 4 (x0004)
Column 7 (x0007), Len 31 (x001f)
Column 8 (x0008), Len 31 (x001f)
Column 9 (x0009), Len 31 (x001f)
Column 10 (x000a), Len 31 (x001f)
Column 11 (x000b), Len 8 (x0008)
Column 12 (x000c), Len 4 (x0004)
Column 13 (x000d), Len 4 (x0004)
Column 14 (x000e), Len 31 (x001f)
Column 15 (x000f), Len 31 (x001f)
Column 16 (x0010), Len 31 (x001f)
Column 17 (x0011), Len 31 (x001f)
Column 18 (x0012), Len 4 (x0004)
Column 19 (x0013), Len 10 (x000a)
Column 20 (x0014), Len 10 (x000a)
Column 21 (x0015), Len 31 (x001f)
After Image Len 478 (x000001de)
Column 0 (x0000), Len 12 (x000c)
Column 1 (x0001), Len 31 (x001f)
Column 2 (x0002), Len 4 (x0004)
Column 3 (x0003), Len 12 (x000c)
Column 4 (x0004), Len 4 (x0004)
Column 5 (x0005), Len 4 (x0004)
Column 6 (x0006), Len 4 (x0004)
Column 7 (x0007), Len 31 (x001f)
Column 8 (x0008), Len 31 (x001f)
Column 9 (x0009), Len 31 (x001f)
Column 10 (x000a), Len 31 (x001f)
Column 11 (x000b), Len 8 (x0008)
Column 12 (x000c), Len 4 (x0004)
Column 13 (x000d), Len 4 (x0004)
Column 14 (x000e), Len 31 (x001f)
Column 15 (x000f), Len 31 (x001f)
Column 16 (x0010), Len 31 (x001f)
Column 17 (x0011), Len 31 (x001f)
Column 18 (x0012), Len 4 (x0004)
Column 19 (x0013), Len 10 (x000a)
Column 20 (x0014), Len 10 (x000a)
Column 21 (x0015), Len 31 (x001f)

Filtering suppressed 34 records

Logdump 90 >count
** Count begins at RBA 36,083
LogTrail /oggdata/oggdep01/var/lib/data/src/r3000000001 has 320 records
Total Data Bytes 307200
Avg Bytes/Record 960
GGSPKUpdate 320
After Images 320
Average of 320 Transactions
Bytes/Trans ..... 1008
Records/Trans ... 1
Files/Trans ..... 1

GGADMIN.GG_HEARTBEAT_SEED Partition x4c
Total Data Bytes 307200
Avg Bytes/Record 960
GGSPKUpdate 320
After Images 320

If you want to see much more details - increasing the record length can help.

Logdump 91 >RECLEN 1024
Record length set to 1,024

Logdump 92 >n
___________________________________________________________________
Hdr-Ind : E (x45) Partition : L (x4c)
UndoFlag : . (x00) BeforeAfter: A (x41)
RecLength : 960 (x03c0) IO Time : 2023/08/26 17:48:28.000.000
IOType : 135 (x87) OrigNode : 255 (xff)
TransInd : . (x03) FormatType : R (x52)
SyskeyLen : 0 (x00) Incomplete : . (x00)
AuditRBA : 14 AuditPos : 258576
Continued : N (x00) RecCount : 1 (x01)
Oracle RBA : 0x00000e.000001f9.0010
2023/08/26 17:48:28.000.000 GGSUnifiedPKUpdate Len 960 RBA 36083
Name: GGADMIN.GG_HEARTBEAT_SEED (TDR Index: 1)
After Image: Partition x4c G s
de01 0000 0000 0c00 0000 0800 4747 5352 4330 3454 | ............GGSRC04T
0100 1f00 0000 3230 3233 2d30 382d 3236 3a31 363a | ......2023-08-26:16:
3437 3a32 382e 3035 3837 3831 3030 3002 0004 00ff | 47:28.058781000.....
ff00 0003 000c 0000 0008 0047 4753 5243 3034 5404 | ...........GGSRC04T.
0004 00ff ff00 0005 0004 00ff ff00 0006 0004 00ff | ....................
ff00 0007 001f 00ff ff00 0000 0000 0000 0000 0000 | ....................
0000 0000 0000 0000 0000 0000 0000 0000 0000 0800 | ....................
1f00 ffff 0000 0000 0000 0000 0000 0000 0000 0000 | ....................
0000 0000 0000 0000 0000 0000 0009 001f 00ff ff00 | ....................
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 | ....................
0000 0000 0000 0000 0a00 1f00 ffff 0000 0000 0000 | ....................
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 | ....................
0000 000b 0008 0000 0004 0052 5854 330c 0004 00ff | ...........RXT3.....
ff00 000d 0004 00ff ff00 000e 001f 00ff ff00 0000 | ....................
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 | ....................
0000 0000 0000 0f00 1f00 0000 3230 3233 2d30 382d | ............2023-08-
3236 2032 303a 3539 3a32 342e 3536 3831 3131 3030 | 26 20:59:24.56811100
3010 001f 00ff ff00 0000 0000 0000 0000 0000 0000 | 0...................
0000 0000 0000 0000 0000 0000 0000 0000 1100 1f00 | ....................
ffff 0000 0000 0000 0000 0000 0000 0000 0000 0000 | ....................
0000 0000 0000 0000 0000 0012 0004 00ff ff00 0013 | ....................
000a 0000 0006 0034 3539 3738 3014 000a 0000 0006 | .......459780....... <<<<<<<<<<< CSN>459732
0034 3537 3636 3415 001f 0000 0032 3032 332d 3038 | .457664......2023-08
2d32 3620 3136 3a33 333a 3537 2e30 3030 3030 3030 | -26 16:33:57.0000000
3030 0000 0c00 0000 0800 4747 5352 4330 3454 0100 | 00........GGSRC04T..
1f00 0000 3230 3233 2d30 382d 3236 3a31 363a 3438 | ....2023-08-26:16:48
3a32 382e 3139 3039 3036 3030 3002 0004 00ff ff00 | :28.190906000.......
0003 000c 0000 0008 0047 4753 5243 3034 5404 0004 | .........GGSRC04T...
00ff ff00 0005 0004 00ff ff00 0006 0004 00ff ff00 | ....................
0007 001f 00ff ff00 0000 0000 0000 0000 0000 0000 | ....................
0000 0000 0000 0000 0000 0000 0000 0000 0800 1f00 | ....................
ffff 0000 0000 0000 0000 0000 0000 0000 0000 0000 | ....................
0000 0000 0000 0000 0000 0009 001f 00ff ff00 0000 | ....................
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 | ....................
0000 0000 0000 0a00 1f00 ffff 0000 0000 0000 0000 | ....................
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 | ....................
000b 0008 0000 0004 0052 5854 330c 0004 00ff ff00 | .........RXT3.......
000d 0004 00ff ff00 000e 001f 00ff ff00 0000 0000 | ....................
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 | ....................
0000 0000 0f00 1f00 0000 3230 3233 2d30 382d 3236 | ..........2023-08-26
2032 303a 3539 3a32 342e 3536 3831 3131 3030 3010 | 20:59:24.568111000.
001f 00ff ff00 0000 0000 0000 0000 0000 0000 0000 | ....................
0000 0000 0000 0000 0000 0000 0000 1100 1f00 ffff | ....................
0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 | ....................
0000 0000 0000 0000 0012 0004 00ff ff00 0013 000a | ....................
0000 0006 0034 3539 3738 3014 000a 0000 0006 0034 | .....459780........4
3537 3636 3415 001f 0000 0032 3032 332d 3038 2d32 | 57664......2023-08-2
3620 3136 3a33 333a 3537 2e30 3030 3030 3030 3030 | 6 16:33:57.000000000
Before Image Len 482 (x000001e2)
BeforeColumnLen 478 (x000001de)
Column 0 (x0000), Len 12 (x000c)
Column 1 (x0001), Len 31 (x001f)
Column 2 (x0002), Len 4 (x0004)
Column 3 (x0003), Len 12 (x000c)
Column 4 (x0004), Len 4 (x0004)
Column 5 (x0005), Len 4 (x0004)
Column 6 (x0006), Len 4 (x0004)
Column 7 (x0007), Len 31 (x001f)
Column 8 (x0008), Len 31 (x001f)
Column 9 (x0009), Len 31 (x001f)
Column 10 (x000a), Len 31 (x001f)
Column 11 (x000b), Len 8 (x0008)
Column 12 (x000c), Len 4 (x0004)
Column 13 (x000d), Len 4 (x0004)
Column 14 (x000e), Len 31 (x001f)
Column 15 (x000f), Len 31 (x001f)
Column 16 (x0010), Len 31 (x001f)
Column 17 (x0011), Len 31 (x001f)
Column 18 (x0012), Len 4 (x0004)
Column 19 (x0013), Len 10 (x000a)
Column 20 (x0014), Len 10 (x000a)
Column 21 (x0015), Len 31 (x001f)
After Image Len 478 (x000001de)
Column 0 (x0000), Len 12 (x000c)
Column 1 (x0001), Len 31 (x001f)
Column 2 (x0002), Len 4 (x0004)
Column 3 (x0003), Len 12 (x000c)
Column 4 (x0004), Len 4 (x0004)
Column 5 (x0005), Len 4 (x0004)
Column 6 (x0006), Len 4 (x0004)
Column 7 (x0007), Len 31 (x001f)
Column 8 (x0008), Len 31 (x001f)
Column 9 (x0009), Len 31 (x001f)
Column 10 (x000a), Len 31 (x001f)
Column 11 (x000b), Len 8 (x0008)
Column 12 (x000c), Len 4 (x0004)
Column 13 (x000d), Len 4 (x0004)
Column 14 (x000e), Len 31 (x001f)
Column 15 (x000f), Len 31 (x001f)
Column 16 (x0010), Len 31 (x001f)
Column 17 (x0011), Len 31 (x001f)
Column 18 (x0012), Len 4 (x0004)
Column 19 (x0013), Len 10 (x000a)
Column 20 (x0014), Len 10 (x000a)
Column 21 (x0015), Len 31 (x001f)
Logdump 93 >

YouTube video corresponding to the blog:

This closes the blog.

Setup Golden Gate replicate on oracle DB 19c (which already has TDE & Database Vault enabled) with source db version of 12.2

Setup Golden Gate replicate on oracle DB 19c (which already has TDE & Database Vault enabled) with source db version of 12.2

Extract from : 12.2.0.1
Replicate to : 19.3.0
Direction: Uni (from source to target)

Assumption:

1.Extract is already running

2.Instantiation is completed

3.A cold backup of the db as needed

4.droping the ggadmin user & GG_DATA tablespace from source (in case we used rman to restore the source db)

5.drop SUPPLEMENTAL log in target (since it is a unidirectional replication and application will point to it at sometime)

ALTER DATABASE DROP SUPPLEMENTAL LOG DATA;
22:08:38 SQL> select name,open_mode,log_mode,force_logging,SUPPLEMENTAL_LOG_DATA_MIN,CURRENT_SCN from v$database;
NAME ,OPEN_MODE ,LOG_MODE ,FORCE_LOGGING ,SUPPLEME,CURRENT_SCN
---------,--------------------,------------,---------------------------------------,--------,-----------
GGTGT04T ,READ WRITE ,ARCHIVELOG ,YES ,NO , 1028106
Elapsed: 00:00:00.00

6.reset ENABLE_GOLDENGATE_REPLICATION /*+ wrong - we need this parameter - so no reset */
NAME ,TYPE ,VALUE
------------------------------------,-----------,------------------------------
enable_goldengate_replication ,boolean ,FALSE

7.If you have DataGuard, leave force_logging asis

Steps:

1. Prepare the target db for replicat
2. Add credential for GG extract using cURL or admin client web UI (BUI)
3. Setup the GG replicat using admin client
4. Start the GG replicat

Reference url: oracle document

1. Prepare the target db for replicat:

From the doc:

ALTER SESSION SET CONTAINER=dbwest; -- ours is a standalone db
CREATE USER ggadmin IDENTIFIED BY PASSWORD CONTAINER=CURRENT; -- standalone
CREATE USER ggadmin IDENTIFIED BY PASSWORD
GRANT ALTER SYSTEM TO ggadmin CONTAINER=CURRENT;
GRANT CREATE SESSION TO ggadmin CONTAINER=CURRENT;
GRANT ALTER ANY TABLE TO ggadmin CONTAINER=CURRENT;
GRANT RESOURCE TO ggadmin CONTAINER=CURRENT;
GRANT DBA TO ggadmin CONTAINER=CURRENT;
GRANT DV_GOLDENGATE_ADMIN, DV_GOLDENGATE_REDO_ACCESS TO GGADMIN CONTAINER=CURRENT;
EXEC DBMS_GOLDENGATE_AUTH.GRANT_ADMIN_PRIVILEGE('ggadmin');

1.a) actual setup commands

CREATE TABLESPACE GG_DATA_TGT DATAFILE '/oradata/GGTGT04T/gg_data_tgt_01.dbf' SIZE 100M AUTOEXTEND ON NEXT 100M;

-- as dbv_owner user
CREATE USER ggadmin_tgt IDENTIFIED BY "ggadmin_tgt" DEFAULT TABLESPACE GG_DATA_TGT TEMPORARY TABLESPACE TEMP;
grant connect to ggadmin_tgt;
alter user ggadmin_tgt quota unlimited on GG_DATA_TGT;
GRANT DV_GOLDENGATE_ADMIN, DV_GOLDENGATE_REDO_ACCESS TO ggadmin_tgt;

-- other permission as sys
GRANT ALTER SYSTEM TO ggadmin_tgt;
GRANT CREATE SESSION TO ggadmin_tgt;
GRANT ALTER ANY TABLE TO ggadmin_tgt;
GRANT RESOURCE TO ggadmin_tgt;
GRANT DBA TO ggadmin_tgt;
EXEC DBMS_GOLDENGATE_AUTH.GRANT_ADMIN_PRIVILEGE('ggadmin_tgt');

Actual output:

SQL> select name,open_mode from v$database;
NAME OPEN_MODE
--------- --------------------
GGTGT04T MOUNTED

SQL> alter database open;
Database altered.

SQL> select name,open_mode from v$database;
NAME OPEN_MODE
--------- --------------------
GGTGT04T READ WRITE

SQL> CREATE TABLESPACE GG_DATA_TGT DATAFILE '/oradata/GGTGT04T/gg_data_tgt_01.dbf' SIZE 100M AUTOEXTEND ON NEXT 100M;
Tablespace created.

SQL> conn dbv_owner/dbv_owner1#
Connected.

SQL> CREATE USER ggadmin_tgt IDENTIFIED BY "ggadmin_tgt" DEFAULT TABLESPACE GG_DATA_TGT TEMPORARY TABLESPACE TEMP;
User created.

SQL> grant connect to ggadmin_tgt;
Grant succeeded.

SQL> alter user ggadmin_tgt quota unlimited on GG_DATA_TGT;
User altered.

SQL> GRANT DV_GOLDENGATE_ADMIN, DV_GOLDENGATE_REDO_ACCESS TO ggadmin_tgt;
Grant succeeded.

SQL> conn / as sysdba
Connected.

SQL> GRANT ALTER SYSTEM TO ggadmin_tgt;
Grant succeeded.

SQL> GRANT CREATE SESSION TO ggadmin_tgt;
Grant succeeded.

SQL> GRANT ALTER ANY TABLE TO ggadmin_tgt;
Grant succeeded.

SQL> GRANT RESOURCE TO ggadmin_tgt;
Grant succeeded.

SQL> GRANT DBA TO ggadmin_tgt;
Grant succeeded.

SQL> EXEC DBMS_GOLDENGATE_AUTH.GRANT_ADMIN_PRIVILEGE('ggadmin_tgt');
PL/SQL procedure successfully completed.
SQL>

1.b) DB Setup verify

set lines 300
set pages 3000
set colsep ,
col username for a15
col account_status for a15
set time on
set timing on
alter session set nls_date_format='DD/MON/YYYY HH24:MI:SS';
select name,open_mode,log_mode,force_logging,SUPPLEMENTAL_LOG_DATA_MIN,CURRENT_SCN from v$database;
select instance_name,status from v$instance;
show parameter ENABLE_GOLDENGATE_REPLICATION;
select username,account_status,DEFAULT_TABLESPACE,TEMPORARY_TABLESPACE,created from dba_users where username='GGADMIN_TGT';
select tablespace_name,sum(bytes)/1024/1024,sum(maxbytes)/1024/1024 from dba_data_files where tablespace_name='GG_DATA_TGT' group by tablespace_name;

Actual output:

SQL> set lines 300
set pages 3000
set colsep ,
col username for a15
col account_status for a15
set time on
set timing on

alter session set nls_date_format='DD/MON/YYYY HH24:MI:SS';
Session altered.
Elapsed: 00:00:00.00

22:30:41 SQL>

22:30:41 SQL> select name,open_mode,log_mode,force_logging,SUPPLEMENTAL_LOG_DATA_MIN,CURRENT_SCN from v$database;
NAME ,OPEN_MODE ,LOG_MODE ,FORCE_LOGGING ,SUPPLEME,CURRENT_SCN
---------,--------------------,------------,---------------------------------------,--------,-----------
GGTGT04T ,READ WRITE ,ARCHIVELOG ,YES ,NO , 1032053
Elapsed: 00:00:00.00

22:30:46 SQL> select instance_name,status from v$instance;

INSTANCE_NAME ,STATUS
----------------,------------
GGTGT04T ,OPEN
Elapsed: 00:00:00.00

22:31:03 SQL> show parameter ENABLE_GOLDENGATE_REPLICATION;
NAME ,TYPE ,VALUE
------------------------------------,-----------,------------------------------
enable_goldengate_replication ,boolean ,FALSE

22:31:09 SQL> select username,account_status,DEFAULT_TABLESPACE,TEMPORARY_TABLESPACE,created from dba_users where username='GGADMIN_TGT';
USERNAME ,ACCOUNT_STATUS ,DEFAULT_TABLESPACE ,TEMPORARY_TABLESPACE ,CREATED
---------------,---------------,------------------------------,------------------------------,--------------------
GGADMIN_TGT ,OPEN ,GG_DATA_TGT ,TEMP ,26/AUG/2023 22:29:18
Elapsed: 00:00:00.02

22:31:17 SQL> select tablespace_name,sum(bytes)/1024/1024,sum(maxbytes)/1024/1024 from dba_data_files where tablespace_name='GG_DATA_TGT' group by tablespace_name;
TABLESPACE_NAME ,SUM(BYTES)/1024/1024,SUM(MAXBYTES)/1024/1024
------------------------------,--------------------,-----------------------
GG_DATA_TGT , 100, 32767.9844
Elapsed: 00:00:00.01
22:31:32 SQL>

1.c) create a guarnteed restore point

create restore point PRE_GGREPLICAT guarantee flashback database;

If at all we need to replicate the steps, we can resume from here.

2. Add credential for GG extract using cURL or admin client web UI (BUI)

Verify in adminclient:

INFO CREDENTIALSTORE

Actual output:

OGG (not connected) 1> connect http://127.0.0.1:9011 deployment oggdep01 user ggsca password ggsca

OGG (http://127.0.0.1:9011 oggdep01) 2> INFO CREDENTIALSTORE
Default domain: OracleGoldenGate
Alias: ggsrc04t
Userid: ggadmin@192.168.194.10:1521/ggsrc04t

Alias: ggsrc01t
Userid: GGADMIN@192.168.194.10:1521/ggsrc01t

Alias: ggadmin_opdb1
Userid: ggadmin@127.0.0.1:1521/OPDB1

Alias: cggadmin
Userid: c##ggadmin@127.0.0.1:1521/ORA19C

Alias: ggadmin_DBCASLNT
Userid: ggadmin@192.168.194.6:1521/DBCASLNT

Alias: ggsrc03t
Userid: ggadmin@192.168.194.10:1521/ggsrc03t

Alias: ggtgt04t
Userid: ggadmin_tgt@192.168.194.11:1521/ggtgt04t
OGG (http://127.0.0.1:9011 oggdep01) 3>

3. Setup the GG replicat using admin client

export OGG_HOME=/u01/app/oracle/product/21.3.0/ogg_home_1
export PATH=$PATH:$OGG_HOME/bin
adminclient

connect http://127.0.0.1:9011 deployment oggdep01 user ggsca password ggsca

DBLOGIN USERIDALIAS ggtgt04t

ADD HEARTBEATTABLE

ADD CHECKPOINTTABLE ggadmin_tgt.ggs_checkpoint

Actual output:

OGG (http://127.0.0.1:9011 oggdep01) 3> DBLOGIN USERIDALIAS ggtgt04t
Successfully logged into database.

OGG (http://127.0.0.1:9011 oggdep01 as ggtgt04t@GGTGT04T) 4> ADD HEARTBEATTABLE
2023-08-26T21:39:28Z INFO OGG-14101 Successfully added heartbeat table.

OGG (http://127.0.0.1:9011 oggdep01 as ggtgt04t@GGTGT04T) 5> ADD CHECKPOINTTABLE ggadmin_tgt.ggs_checkpoint
OGG (http://127.0.0.1:9011 oggdep01 as ggtgt04t@GGTGT04T) 6>

On the target db:

22:40:22 SQL> select owner,object_name,objecT_type,created from dba_objects where owner='GGADMIN_TGT' order by created;
OWNER ,OBJECT_NAME ,OBJECT_TYPE ,CREATED
---------------,--------------------,--------------------,--------------------
GGADMIN_TGT ,GG_HEARTBEAT_SEED ,TABLE ,26/AUG/2023 22:39:25
GGADMIN_TGT ,GG_HEARTBEAT ,TABLE ,26/AUG/2023 22:39:25
GGADMIN_TGT ,GG_HEARTBEAT_HISTORY,TABLE ,26/AUG/2023 22:39:25
GGADMIN_TGT ,GG_LAG ,VIEW ,26/AUG/2023 22:39:25
GGADMIN_TGT ,GG_LAG_HISTORY ,VIEW ,26/AUG/2023 22:39:25
GGADMIN_TGT ,GG_UPDATE_HB_TAB ,PROCEDURE ,26/AUG/2023 22:39:27
GGADMIN_TGT ,GG_PURGE_HB_TAB ,PROCEDURE ,26/AUG/2023 22:39:27
GGADMIN_TGT ,GG_UPDATE_HEARTBEATS,JOB ,26/AUG/2023 22:39:28
GGADMIN_TGT ,GG_PURGE_HEARTBEATS ,JOB ,26/AUG/2023 22:39:28
GGADMIN_TGT ,GGS_CHECKPOINT ,TABLE ,26/AUG/2023 22:39:36
GGADMIN_TGT ,SYS_C006989 ,INDEX ,26/AUG/2023 22:39:36
GGADMIN_TGT ,GGS_CHECKPOINT_LOX ,TABLE ,26/AUG/2023 22:39:36
GGADMIN_TGT ,SYS_C006995 ,INDEX ,26/AUG/2023 22:39:36
13 rows selected.
Elapsed: 00:00:00.04
22:40:37 SQL>

3.b) Add replicat process:

ADD REPLICAT rpt2, PARALLEL, EXTTRAIL src/r3, checkpointtable ggadmin_tgt.ggs_checkpoint

Param file: /oggdata/oggdep01/etc/conf/ogg/RPT2.prm
REPLICAT rpt2
USERIDALIAS ggtgt04t DOMAIN OracleGoldenGate
--DDL EXCLUDE ALL
DDLERROR default discard
REPERROR (default,discard)
DDLOPTIONS REPORT
MAP encvault_test.*, target encvault_test.*, FILTER ( @GETENV('TRANSACTION', 'CSN') > 459732);

info replicat rpt2

Actual output:

OGG (http://127.0.0.1:9011 oggdep01 as ggtgt04t@GGTGT04T) 6> ADD REPLICAT rpt2, PARALLEL, EXTTRAIL src/r3, checkpointtable ggadmin_tgt.ggs_checkpoint

2023-08-26T21:41:39Z INFO OGG-08100 Parallel Replicat added.

OGG (http://127.0.0.1:9011 oggdep01 as ggtgt04t@GGTGT04T) 7> info replicat rpt2
Replicat RPT2 Initialized 2023-08-26 22:41 Status STOPPED
Parallel
Checkpoint Lag 00:00:00 (updated 00:00:07 ago)
Log Read Checkpoint File src/r3000000000
First Record RBA 0
Encryption Profile LocalWallet

OGG (http://127.0.0.1:9011 oggdep01 as ggtgt04t@GGTGT04T) 8> info replicat rpt2 detail
Replicat RPT2 Initialized 2023-08-26 22:41 Status STOPPED
Parallel
Checkpoint Lag 00:00:00 (updated 00:00:12 ago)
Log Read Checkpoint File src/r3000000000
First Record RBA 0
Encryption Profile LocalWallet
Current Log BSN value: (no data)

Low Watermark CSN value: (no data)

High Watermark CSN value: (no data)

Current directory /
Report file /oggdata/oggdep01/var/lib/report/RPT2.rpt (does not yet exist)
Parameter file /oggdata/oggdep01/etc/conf/ogg/rpt2.prm (does not yet exist)
Checkpoint file /oggdata/oggdep01/var/lib/checkpt/RPT2.cpr
Checkpoint table ggadmin_tgt.ggs_checkpoint
Process file /oggdata/oggdep01/var/run/RPT2.pcr
Error log /oggdata/oggdep01/var/log/ggserr.log
OGG (http://127.0.0.1:9011 oggdep01 as ggtgt04t@GGTGT04T) 9>

[oracle@vcentos79-oracle-sa1 ~]$ vi /oggdata/oggdep01/etc/conf/ogg/rpt2.prm

[oracle@vcentos79-oracle-sa1 ~]$ cat /oggdata/oggdep01/etc/conf/ogg/rpt2.prm
REPLICAT rpt2
USERIDALIAS ggtgt04t DOMAIN OracleGoldenGate
--DDL EXCLUDE ALL
DDLERROR default discard
REPERROR (default,discard)
DDLOPTIONS REPORT
MAP encvault_test.*, target encvault_test.*, FILTER ( @GETENV('TRANSACTION', 'CSN') > 459732);
[oracle@vcentos79-oracle-sa1 ~]$

4. Start the GG replicat

start replicat rpt2 < we have mentioned the csn number to start the replication in param file.

info replicat rpt2

status replicat rpt2

Actual output:

OGG (http://127.0.0.1:9011 oggdep01 as ggtgt04t@GGTGT04T) 13> info replicat rpt2 detail

Replicat RPT2 Last Started 2023-08-27 14:25 Status RUNNING

Parallel

Checkpoint Lag 00:14:21 (updated 00:00:08 ago)

Process ID 22911

Log Read Checkpoint File src/r3000000002

2023-08-27 14:11:28.912725 RBA 14566

Encryption Profile LocalWallet

Current Log BSN value: 526850

Low Watermark CSN value: 526967

High Watermark CSN value: 526967

Current directory /

Report file /oggdata/oggdep01/var/lib/report/RPT2.rpt

Parameter file /oggdata/oggdep01/etc/conf/ogg/rpt2.prm

Checkpoint file /oggdata/oggdep01/var/lib/checkpt/RPT2.cpr

Checkpoint table ggadmin_tgt.ggs_checkpoint

Process file /oggdata/oggdep01/var/run/RPT2.pcr

Error log /oggdata/oggdep01/var/log/ggserr.log

OGG (http://127.0.0.1:9011 oggdep01 as ggtgt04t@GGTGT04T) 14>

note:

If you face the below error, it could be oracle bug 33701569. In this case you need to remove the csn from the param file and then alter replicat to begin from correct extseq and extrba

ERROR OGG-12111 JSON element '/' does not match any schemas

Ex.:

alter replicat rpt2, extseqno 1, extrba 36083

GG replication validation:

In source:

create table ggtest1

select level eid,mod(level,6) pincode,rpad('X',mod(level,5)) branchcode,lpad('A',mod(level,5))||rpad('B',mod(level,5)) ename

from dual

connect by level < 1000;

alter table ggtest1 add constraint primary key (eid);

insert into ggtest1

select (level+1000) eid,mod(level,6) pincode,rpad('X',mod(level,5)) branchcode,lpad('A',mod(level,5))||rpad('B',mod(level,5)) ename

from dual

connect by level <= 1000;

Actual output:

SQL> create table ggtest1

select level eid,mod(level,6) pincode,rpad('X',mod(level,5)) branchcode,lpad('A',mod(level,5))||rpad('B',mod(level,5)) ename

from dual

connect by level < 1000; 2 3 4 5

Table created.

SQL> alter table ggtest1 add constraint eid_pk primary key (eid);

Table altered.

SQL> select count(1) from ggtest1;

COUNT(1)

----------

999

Check in target after replication process kicked off:

SQL> select count(1) from encvault_test.ggtest1;

COUNT(1)

----------

999

After loading some data in source:

SQL> insert into ggtest1

select (level+1000) eid,mod(level,6) pincode,rpad('X',mod(level,5)) branchcode,lpad('A',mod(level,5))||rpad('B',mod(level,5)) ename

from dual

connect by level <= 1000; 2 3 4

1000 rows created.

SQL> commit;

Commit complete.

SQL> select count(1) from encvault_test.ggtest1;

COUNT(1)

----------

1999

SQL>

Check in target:

SQL> select count(1) from encvault_test.ggtest1;

COUNT(1)

----------

999

SQL> /

COUNT(1)

----------

1999

SQL>

This closes the blog.

Please refer to the YouTube video corresponding to the blog:

Monday, August 28, 2023

Oracle Databae Vault impact on GoldenGate replication - DBMS_MACADM.ADD_AUTH_TO_REALM

Oracle GoldenGate Replication Troubleshooting using GoldenGate logdump utility - Microservice Architecture

Oracle Golden Gate 21.3 - Usage of logdump to find the rba corresponding to a csn

Setup Golden Gate replicate on oracle DB 19c (which already has TDE & Database Vault enabled) with source db version of 12.2

Flashback data archive steps