Scenario 2: Prepare the Environment
Configure the network configuration files and wallet files required on each host to facilitate connections to the source and target databases.
Configure the tnsnames.ora
files on each host.
BOSTON =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = boshost.example.com)(PORT = 1521))
(CONNECT_DATA = (SERVER = DEDICATED)
(SERVICE_NAME = boston.example.com)
)
)
NEWYORK =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = nychost.example.com)(PORT = 1521))
(CONNECT_DATA = (SERVER = DEDICATED)
(SERVICE_NAME = newyork.example.com)
)
)
On
systems where connections to the various PDBs are required, also update the
tnsnames.ora files to include additional aliases that resolve to connect identifiers
that enable connections directly to the PDBs. Create wallets that contain the credentials required to create and manage the DG PDB configuration.
Identify (and create if necessary) the SYSDBA-privileged user that will be used for DGMGRL connections. For the scenario examples, wallet credentials for the SYS user for the source database and target database will be configured. Unlike CDB-level Data Guard protection, which requires all databases in a configuration to share the same passwords, the passwords for the SYS user for each database configured with PDB-level Data Guard protection are assumed to be different.
$ mkdir -p $ORACLE_HOME/dbs/wallets
$ chmod -R 700 $ORACLE_HOME/dbs/wallets
Create
wallets in the source host and target host wallet locations. dgpdb
directory in the
wallet location that contains files for a new wallet and should be executed on each
host. The password prompts are for the wallet password required to make any future
changes to the contents of the wallet and typically would be different for each
wallet.
$ mkstore -wrl $ORACLE_HOME/dbs/wallets/dgpdb -create
Oracle Secret Store Tool Release 23.0.0.0.0 - Production
Version 23.0.0.0.0
Copyright (c) 2004, 2022, Oracle and/or its affiliates. All rights reserved.
Enter password:
Enter password again:
Add
credentials to each wallet for the SYS user for the source database and target
database that use the previously created boston and newyork aliases by issuing the
following commands on each host. The first two password prompts for each command are
for the password associated with the username (SYS) for the credential being created
and the last password prompt is for the wallet password required to update the
wallet contents:
$ mkstore -wrl $ORACLE_HOME/dbs/wallets/dgpdb -createCredential boston 'sys'
Oracle Secret Store Tool Release 23.0.0.0.0 - Production
Version 23.0.0.0.0
Copyright (c) 2004, 2022, Oracle and/or its affiliates. All rights reserved.
Your secret/Password is missing in the command line
Enter your secret/Password:
Re-enter your secret/Password: Enter wallet password:
$ mkstore -wrl $ORACLE_HOME/dbs/wallets/dgpdb -createCredential newyork 'sys'
Oracle Secret Store Tool Release 23.0.0.0.0 - Production Version 23.0.0.0.0 Copyright (c) 2004, 2022,
Oracle and/or its affiliates. All rights reserved.
Your secret/Password is missing in the command line Enter your secret/Password:
Re-enter your secret/Password: Enter wallet password:
Update
the sqlnet.ora
file on the source database and target database
hosts to add a WALLET_LOCATION
clause that identifies the wallet
directory location and a line to override any existing OS authentication or password
configuration to ensure that only wallet-based authentication will be used when
authentication using the wallet credentials is attempted. The sqlnet.ora file used
for the examples is as follows, where <ORACLE_HOME
> is
the path for the database ORACLE_HOME
directory:
NAMES.DIRECTORY_PATH= (TNSNAMES, ONAMES, HOSTNAME)
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = <ORACLE_HOME>/dbs/wallets/dgpdb)
)
)
SQLNET.WALLET_OVERRIDE = TRUE
Stop
and restart each database to configure redo transport to use the wallet. Because
there are no static services configured, use OS authentication on each host to do
this. Then validate that client connections to the source and target container
databases are now possible using the wallets by issuing the following commands on
each host:
$ sqlplus /@boston as sysdba
$ sqlplus /@newyork as sysdba