附註:

在可插拔資料庫層次設定 Oracle Data Guard

簡介

Oracle Data Guard 可保護個別的可插式資料庫 (PDB),而非整個容器資料庫 (CDB)。這表示每個可插式資料庫 (DG PDB) 組態的 Oracle Data Guard 將會有兩個主要 CDB,而不是一個主要 CDB 和一個待命 CDB。每個 CDB 都包含以讀寫方式開啟的 PDB (通常會受到遠端 CDB 上的目標 PDB 保護) 與掛載的 PDB 會保護遠端 CDB 中的對應 PDB。

我們將學習如何在 PDB 層次從 CDB1 設定資料保全至 CDB2,相反地,這兩個 CDB 皆為讀寫模式。此外,無論是容器層次或容器中的其他 PDB,我們都會看到 PDB 層次的切換或容錯移轉而不會發生中斷情況。

本教學課程描述如何使用 DG PDB、Oracle Data Guard for PDB 而非 CDB。

注意:Oracle Base Database Service 上的 Oracle Cloud Infrastructure (OCI) 工具不支援 DG PDB。

傳統的每一 CDB 架構

圖像

每一 PDB (DG PDB) 架構的 Oracle Data Guard

圖像

功能與特性

使用案例

目標

先決條件

作業 1:在 PDB 層次設定 Data Guard,從 CDB1 到 CDB2

主要 PDB:CDB1_PDB1 AT CDB1_ASH

待命 PDB:CDB1_PDB1 AT CDB2_SJ

環境:

OCI 區域 阿什本 (ASH) 聖荷西 (SJ)
Oracle Base Database 資料庫系統 資料庫系統
Oracle 版本 23.3.0.23 23.3.0.23
主機名稱 ashvmdb1 sjvmdb2
資料庫唯一名稱 CDB1_ASH CDB2_SJ
CDB 名稱 CDB1 CDB2
主要 PDB CDB1_PDB1, CDB1_PDB2 CDB2_PDB3, CDB2_PDB4
待命 PDB CDB2_PDB3 CDB1_PDB1
VCN/ 子網路 (預設) VCN_ASH/ 公用子網路 -VCN_ASH VCN_SJ/ 公用子網路 -VCN_SJ
專用 IP 10.0.0.192 192.168.0.202

作業 1.1:準備資料庫

  1. 透過 OCI 主控台建立兩個 CDB 和兩個 PDB,這兩個都是加密通透資料加密 (TDE) 的 Oracle Database 23ai 資料庫。

  2. 啟用快閃記錄日誌,並強制在兩個資料庫上記錄日誌。

  3. 設定「快速復原區域 (FRA)」的日誌存檔目的地。

  4. 啟用 Oracle Data Guard 中介。

佈建 CDB1:

col FORCE_LOGGING for a5
set lines 300 pages 100
select name,open_mode,LOG_MODE,FORCE_LOGGING,FLASHBACK_ON,DB_UNIQUE_NAME from gv$database;

NAME OPEN_MODE LOG_MODE FORCE FLASHBACK_ON DB_UNIQUE_NAME
--------- -------------------- ------------ ----- ------------------ ------------------------------
CDB1 READ WRITE ARCHIVELOG YES NO CDB1_ASH

SQL> show pdbs
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO
3 CDB1_PDB1 READ WRITE NO
4 CDB1_PDB2 READ WRITE NO

SQL> ALTER DATABASE FORCE LOGGING;
SQL> ALTER DATABASE FLASHBACK ON;
SQL> alter system set log_archive_dest_1='LOCATION=USE_DB_RECOVERY_FILE_DEST VALID_FOR=(ALL_LOGFILES,ALL_ROLES)' scope=both sid='\*';
SQL> ALTER SYSTEM SET DG_BROKER_CONFIG_FILE1='+DATA/CDB1_ash/PARAMETERFILE/dr1CDB1.dat' scope=both sid='\*';
SQL> ALTER SYSTEM SET DG_BROKER_CONFIG_FILE2='+DATA/CDB1_ash/PARAMETERFILE/dr2CDB1.dat' scope=both sid='\*';
SQL> alter system set standby_file_management = AUTO scope = both;
SQL> ALTER SYSTEM SET dg_broker_start=TRUE scope=both sid='\*';

佈建 CDB2:

col FORCE_LOGGING for a5
set lines 300 pages 100
select name,open_mode,LOG_MODE,FORCE_LOGGING,FLASHBACK_ON,DB_UNIQUE_NAME from gv$database;

NAME OPEN_MODE LOG_MODE FORCE FLASHBACK_ON DB_UNIQUE_NAME
--------- -------------------- ------------ ----- ------------------ ------------------------------
CDB2 READ WRITE ARCHIVELOG YES NO CDB2_SJ

SQL> show pdbs
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO
4 CDB2_PDB3 READ WRITE NO
5 CDB2_PDB4 READ WRITE NO

SQL> ALTER DATABASE FORCE LOGGING;
SQL> ALTER DATABASE FLASHBACK ON;
SQL> alter system set log_archive_dest_1='LOCATION=USE_DB_RECOVERY_FILE_DEST VALID_FOR=(ALL_LOGFILES,ALL_ROLES)' scope=both sid='\*';
SQL> ALTER SYSTEM SET DG_BROKER_CONFIG_FILE1='+DATA/CDB2_sj/PARAMETERFILE/dr1CDB2.dat' scope=both sid='\*';
SQL> ALTER SYSTEM SET DG_BROKER_CONFIG_FILE2='+DATA/CDB2_sj/PARAMETERFILE/dr2CDB2.dat' scope=both sid='\*';
SQL> ALTER SYSTEM SET dg_broker_start=TRUE scope=both sid='\*';
SQL> alter system set standby_file_management = AUTO scope = both;

作業 1.2:在兩個 CDB 之間建立通透網路子字串 (TNS) 連線

  1. 驗證兩個資料庫節點之間的連線。

    curl -sv telnet://10.0.0.192:1521
    curl -sv telnet://192.168.0.202:1521
    
  2. 設定每個主機上的網路組態檔,以便連線至來源和目標資料庫。

    $vi $ORACLE_HOME/network/admin/tnsnames.ora
    
    CDB1_ASH =
    (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 10.0.0.192)(PORT = 1521))
    (CONNECT_DATA =
    (SERVER = DEDICATED)
    (SERVICE_NAME = CDB1_ASH.sub02090909270.vcnash.oraclevcn.com)
    )
    )
    
    CDB2_SJ =
    (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.0.202)(PORT = 1521))
    (CONNECT_DATA =
    (SERVER = DEDICATED)
    (SERVICE_NAME = CDB2_SJ.sub02090543360.vcnsj.oraclevcn.com)
    )
    )
    

工作 1.3:使用公事包建立無密碼連線

  1. 在每個主機上,建立包含公事包的目錄,並透過在目錄上設定適當的保護來保護公事包。

    $ mkdir -p $ORACLE_HOME/dbs/wallets
    $ chmod -R 700 $ORACLE_HOME/dbs/wallets
    
  2. 建立包含建立及管理 DG PDB 組態所需證明資料之公事包。

    $ mkstore -wrl $ORACLE_HOME/dbs/wallets/dgpdb -create
    Oracle Secret Store Tool Release 23.0.0.0.0 - Production
    Version 23.0.0.0.0
    Copyright (c) 2004, 2022, Oracle and/or its affiliates. All rights reserved.
    
    Enter password:
    Enter password again:
    
    
    [oracle@ashCDB1 ~]$ mkstore -wrl $ORACLE_HOME/dbs/wallets/dgpdb -createCredential CDB1_ash 'sys'
    Oracle Secret Store Tool Release 23.0.0.0.0 - Production
    Version 23.0.0.0.0
    Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved.
    
    Your secret/Password is missing in the command line
    Enter your secret/Password:
    Re-enter your secret/Password:
    Enter wallet password:
    [oracle@ashCDB1 ~]$ mkstore -wrl $ORACLE_HOME/dbs/wallets/dgpdb -createCredential CDB2_sj 'sys'
    Oracle Secret Store Tool Release 23.0.0.0.0 - Production
    Version 23.0.0.0.0
    Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved.
    
    Your secret/Password is missing in the command line
    Enter your secret/Password:
    Re-enter your secret/Password:
    Enter wallet password:
    [oracle@ashCDB1 ~]$ mkstore -wrl $ORACLE_HOME/dbs/wallets/dgpdb -listCredential
    Oracle Secret Store Tool Release 23.0.0.0.0 - Production
    Version 23.0.0.0.0
    Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved.
    
    Enter wallet password:
    List credential (index: connect_string username)
    2: CDB2_sj sys
    1: CDB1_ash sys
    
  3. 驗證兩個資料庫的無密碼連線。在本教學課程中,我們已在資料庫佈建期間使用相同的密碼。

    • 設定 sqlnet.ora 以使用公事包。

    • 現在,我們必須在 sqlnet.ora 組態上新增 Oracle 將使用的公事包。

    vi $ORACLE_HOME/network/admin/sqlnet.ora
    
    NAMES.DIRECTORY_PATH= (TNSNAMES, ONAMES, HOSTNAME)
    WALLET_LOCATION =
        (SOURCE =
        (METHOD = FILE)
        (METHOD_DATA =
            (DIRECTORY = /u01/app/oracle/product/23.0.0.0/dbhome_1/dbs/wallets/dgpdb)
        )
    )
    SQLNET.WALLET_OVERRIDE = TRUE
    
    Stop and restart each database and Listener to configure redo transport to use the wallet. Because there are no static services configured, use OS authentication on each host to do this.
    
    Validate that client connections to the source and target container databases are now possible using the wallets by issuing the following commands on each host:
    
    sqlplus /@CDB1_ash as sysdba
    sqlplus /@CDB2_sj as sysdba
    
    

作業 1.4:建立來源和目標資料庫 Oracle Data Guard 中介組態

使用公事包連線至來源和目標容器資料庫,並使用 Oracle Data Guard 命令行介面 (DGMGRL) 建立組態。這與一般 Oracle Data Guard 組態相同。只有差別在於這兩個 CDB 都必須這麼做,因為兩者都是主要資料庫。

作業 1.5:建立組態之間的連線

此作業與一般 Oracle Data Guard 組態不同。通常在新增主要資料庫之後,我們會新增待命資料庫,但現在將會使用不同的語法。使用 DGMGRL 連線至來源容器資料庫,與目標資料庫建立連線。

[oracle@ashCDB1 ~]$ dgmgrl /@CDB1_ash

DGMGRL> add configuration CDB2_sj connect identifier is CDB2_sj;
DGMGRL> show configuration verbose;
DGMGRL> show configuration verbose CDB2_sj;
DGMGRL> enable configuration all;

作業 1.6:準備 DG PDB 的資料庫

  1. 連線到每個容器資料庫並在 PDB 尚未開啟時開啟它們。

  2. Oracle Data Guard 中介 EDIT CONFIGURATION PREPARE DGPDB 命令假設來源容器資料庫和目標容器資料庫組態已設定且已啟用。

  3. 命令提示會開啟以輸入每個容器資料庫之 DGPDB_INT 帳戶的密碼,然後設定提供 Oracle Data Guard 保護或變更 PDB 角色所需的內部結構。

    SQL> ALTER PLUGGABLE DATABASE ALL OPEN;
    SQL> show pdbs
    
    dgmgrl /@CDB1_ash
    DGMGRL> EDIT CONFIGURATION PREPARE DGPDB;
    Enter password for DGPDB_INT account at CDB1_ASH:
    Enter password for DGPDB_INT account at CDB2_SJ:
    Prepared Data Guard for Pluggable Database at CDB2_SJ.
    Prepared Data Guard for Pluggable Database at CDB1_ASH.
    DGMGRL>
    

    注意:為了簡化,我使用與資料庫或 TDE 密碼相同的密碼,但密碼可能不同。

作業 1.7:設定來源 PDB 的 Oracle Data Guard 保護

  1. 設定容器資料庫中的目標 PDB,以設定來源 PDB 的 Oracle Data Guard PDB 層次保護。

  2. 執行 ADD PLUGGABLE DATABASE 命令,在目標容器資料庫中建立目標 PDB。

    主要 PDB:CDB1_PDB1 AT CDB1_ASH

    待命 PDB:CDB1_PDB1 AT CDB2_SJ

    在目標容器上:

    SQL> show pdbs
    
    CON_ID CON_NAME OPEN MODE RESTRICTED
    ---------- ------------------------------ ---------- ----------
    2 PDB$SEED READ ONLY NO
    4 CDB2_PDB3 READ WRITE NO
    5 CDB2_PDB4 READ WRITE NO
    
    
    dgmgrl /@CDB1_ash
    DGMGRL> ADD PLUGGABLE DATABASE CDB1_PDB1 AT CDB2_sj SOURCE IS CDB1_PDB1 AT CDB1_ash PDBFILENAMECONVERT IS "'+DATA/CDB1_ash','+DATA/CDB2_sj'" 'keystore IDENTIFIED BY "WelC0me_123#"';
    Pluggable Database "CDB1_PDB1" added
    DGMGRL>
    
    SQL> show pdbs
    CON_ID CON_NAME OPEN MODE RESTRICTED
    ---------- ------------------------------ ---------- ----------
    2 PDB$SEED READ ONLY NO
    3 CDB1_PDB1 MOUNTED
    4 CDB2_PDB3 READ WRITE NO
    5 CDB2_PDB4 READ WRITE NO
    

作業 1.8:將資料檔複製到目的地

將與來源 PDB 關聯的所有檔案複製到目標 PDB 位置,以建立目標 PDB。

  1. 識別來源 PDB 上的檔案清單。

    SQL> select FILE#,NAME from v$datafile where con_id=3;
    
    FILE# NAME                                                                                                     CON_ID
    ---------- ---------------------------------------------------------------------------------------------------- ----------
    8 +DATA/CDB1_ASH/10F14C2387F73F42E063C000000A77F3/DATAFILE/system.273.1160475741                          3
    9 +DATA/CDB1_ASH/10F14C2387F73F42E063C000000A77F3/DATAFILE/sysaux.270.1160475747                          3
    10 +DATA/CDB1_ASH/10F14C2387F73F42E063C000000A77F3/DATAFILE/undotbs1.271.1160475753                        3
    12 +DATA/CDB1_ASH/10F14C2387F73F42E063C000000A77F3/DATAFILE/users.274.1160475857                           3
    
  2. 在目標容器上複製 PDB 資料檔。

    [oracle@sjCDB2 ~]$ rman target sys/WelC0me_123#@CDB1_ash auxiliary sys/WelC0me_123#@CDB2_sj
    
    Recovery Manager: Release 23.0.0.0.0 - Production on Fri Feb 9 12:41:14 2024
    Version 23.3.0.23.09
    
    Copyright (c) 1982, 2023, Oracle and/or its affiliates.  All rights reserved.
    
    connected to target database: CDB1 (DBID=3764657260)
    connected to auxiliary database: CDB2 (DBID=3648579145)
    
    RMAN> run {
    allocate channel ch1 type disk;
    backup as copy reuse datafile 8,9,10,12 auxiliary format NEW;
    }
    run {
    2> allocate channel ch1 type disk;
    3> backup as copy reuse datafile 8,9,10,12 auxiliary format NEW;
    4> }
    using target database control file instead of recovery catalog
    allocated channel: ch1
    channel ch1: SID=38 device type=DISK
    
    Starting backup at 09-FEB-24
    channel ch1: starting datafile copy
    input datafile file number=00009 name=+DATA/CDB1_ASH/10F14C2387F73F42E063C000000A77F3/DATAFILE/sysaux.270.1160475747
    output file name=+DATA/CDB2_SJ/10F14C2387F73F42E063C000000A77F3/DATAFILE/sysaux.271.1160484127 tag=TAG20240209T124201
    channel ch1: datafile copy complete, elapsed time: 00:00:08
    channel ch1: starting datafile copy
    input datafile file number=00008 name=+DATA/CDB1_ASH/10F14C2387F73F42E063C000000A77F3/DATAFILE/system.273.1160475741
    output file name=+DATA/CDB2_SJ/10F14C2387F73F42E063C000000A77F3/DATAFILE/system.272.1160484135 tag=TAG20240209T124201
    channel ch1: datafile copy complete, elapsed time: 00:00:08
    channel ch1: starting datafile copy
    input datafile file number=00010 name=+DATA/CDB1_ASH/10F14C2387F73F42E063C000000A77F3/DATAFILE/undotbs1.271.1160475753
    output file name=+DATA/CDB2_SJ/10F14C2387F73F42E063C000000A77F3/DATAFILE/undotbs1.274.1160484145 tag=TAG20240209T124201
    channel ch1: datafile copy complete, elapsed time: 00:00:04
    channel ch1: starting datafile copy
    input datafile file number=00012 name=+DATA/CDB1_ASH/10F14C2387F73F42E063C000000A77F3/DATAFILE/users.274.1160475857
    output file name=+DATA/CDB2_SJ/10F14C2387F73F42E063C000000A77F3/DATAFILE/users.275.1160484149 tag=TAG20240209T124201
    channel ch1: datafile copy complete, elapsed time: 00:00:04
    Finished backup at 09-FEB-24
    released channel: ch1
    
  3. 檢查目標 PDB 上的資料檔。

    SQL> show pdbs
    
        CON_ID CON_NAME                       OPEN MODE  RESTRICTED
    ---------- ------------------------------ ---------- ----------
            2 PDB$SEED                      READ ONLY  NO
            3 CDB1_PDB1                     MOUNTED
            4 CDB2_PDB3                     READ WRITE NO
            5 CDB2_PDB4                     READ WRITE NO
    SQL> alter session set container=CDB1_PDB1;
    Session altered.
    
    SQL>  select name from v$datafile;
    
    NAME
    --------------------------------------------------------------------------------
    +DATA/MUST_RENAME_THIS_DATAFILE_8.4294967295.4294967295
    +DATA/MUST_RENAME_THIS_DATAFILE_9.4294967295.4294967295
    +DATA/MUST_RENAME_THIS_DATAFILE_10.4294967295.4294967295
    +DATA/MUST_RENAME_THIS_DATAFILE_12.4294967295.4294967295
    
  4. 重新命名資料檔。目標檔案名稱可以從 RMAN 輸出日誌取得。

    alter database rename file '+DATA/MUST_RENAME_THIS_DATAFILE_8.4294967295.4294967295' to '+DATA/CDB2_SJ/10F14C2387F73F42E063C000000A77F3/DATAFILE/system.272.1160484135';
    alter database rename file '+DATA/MUST_RENAME_THIS_DATAFILE_9.4294967295.4294967295' to '+DATA/CDB2_SJ/10F14C2387F73F42E063C000000A77F3/DATAFILE/sysaux.271.1160484127';
    alter database rename file '+DATA/MUST_RENAME_THIS_DATAFILE_10.4294967295.4294967295' to '+DATA/CDB2_SJ/10F14C2387F73F42E063C000000A77F3/DATAFILE/undotbs1.274.1160484145';
    alter database rename file '+DATA/MUST_RENAME_THIS_DATAFILE_12.4294967295.4294967295' to '+DATA/CDB2_SJ/10F14C2387F73F42E063C000000A77F3/DATAFILE/users.275.1160484149';
    
    SQL>  select name from v$datafile;
    
    NAME
    ---------------------------------------------------------------------------------------
    +DATA/CDB2_SJ/10F14C2387F73F42E063C000000A77F3/DATAFILE/system.272.1160484135
    +DATA/CDB2_SJ/10F14C2387F73F42E063C000000A77F3/DATAFILE/sysaux.271.1160484127
    +DATA/CDB2_SJ/10F14C2387F73F42E063C000000A77F3/DATAFILE/undotbs1.274.1160484145
    +DATA/CDB2_SJ/10F14C2387F73F42E063C000000A77F3/DATAFILE/users.275.1160484149
    

工作 1.9:引入 TDE 金鑰

我們必須複製 CDB 和 PDB 的公事包金鑰。將來源 CDB 金鑰複製到目標 CDB,並將來源 PDB 金鑰複製到我們正在設定「資料保全」的目標 PDB。

  1. 檢查來源容器或 PDB 上的公事包。

    SET LINESIZE 200
    COLUMN wrl_parameter FORMAT A39
    select * from v$encryption_wallet;
    
  2. 從來源資料庫匯出加密金鑰 (CDB 和 PDB)。

    SQL> ADMINISTER KEY MANAGEMENT EXPORT ENCRYPTION KEYS WITH SECRET "export_secret" TO '/tmp/CDB1_key' FORCE KEYSTORE IDENTIFIED BY "WelC0me_123#";
    SQL> alter session set container=CDB1_PDB1;
    SQL> ADMINISTER KEY MANAGEMENT EXPORT ENCRYPTION KEYS WITH SECRET "export_secret" TO '/tmp/CDB1_PDB1_key' FORCE KEYSTORE IDENTIFIED BY "WelC0me_123#";
    
  3. 複製目標伺服器上的加密金鑰,然後將其匯入目標資料庫 (CDB 和 PDB)。

    [opc@sjCDB2 tmp]$ chmod 777 CDB1_key CDB1_PDB1_key
    SQL> ADMINISTER KEY MANAGEMENT IMPORT KEYS WITH SECRET "export_secret" FROM '/tmp/CDB1_key' force keystore IDENTIFIED BY "WelC0me_123#" WITH BACKUP;
    SQL> alter session set container=CDB1_PDB1;
    SQL> ADMINISTER KEY MANAGEMENT IMPORT KEYS WITH SECRET "export_secret" FROM '/tmp/CDB1_PDB1_key' force keystore IDENTIFIED BY "WelC0me_123#" WITH BACKUP;
    
  4. 驗證匯入的金鑰。

    select * from v$encryption_keys order by creation_time;
    

工作 1.10:將待命重做日誌 (SRL) 新增至 PDB 並驗證

從待命 PDB 建立 SRL 以接收外部來源重做。整個 CDB 只需要執行此作業一次,每個 PDB 不需要一組不同的 SRL。

sqlplus /@CDB2_sj as sysdba

SQL> alter session set container=CDB1_PDB1;
SQL> show pdbs
CON_ID CON_NAME OPEN MODE RESTRICTED
--------- ------------------------------ ---------- ----------
4 CDB1_PDB1 MOUNTED

SQL> select group#,thread#,bytes from v$standby_log;
no rows selected

SQL> ALTER DATABASE ADD STANDBY LOGFILE;
Database altered.

SQL> ALTER DATABASE ADD STANDBY LOGFILE;
Database altered.

SQL> ALTER DATABASE ADD STANDBY LOGFILE;
Database altered.

SQL> select group#,thread#,bytes from v$standby_log;
GROUP# THREAD# BYTES
--------- ---------- ----------
1 0 104857600
2 0 104857600
3 0 104857600

工作 1.11:將待命狀態變更為 APPLY-ON

從任何資料庫連線到 DGMGRL 並起始從來源 PDB 傳輸至目標 PDB 的重做傳輸。

DGMGRL> EDIT PLUGGABLE DATABASE CDB1_PDB1 AT CDB2_sj SET STATE='APPLY-OFF';
DGMGRL> EDIT PLUGGABLE DATABASE CDB1_PDB1 AT CDB2_sj SET STATE='APPLY-ON';
DGMGRL> enable configuration all;

Perform Log switch on source database:
--------------------------------------
SQL> ALTER SYSTEM ARCHIVE LOG CURRENT;
SQL> ALTER SYSTEM ARCHIVE LOG CURRENT;

DGMGRL> show pluggable database CDB1_PDB1 at CDB2_sj;
Pluggable database - CDB1_PDB1 at CDB2_sj
Data Guard Role: Physical Standby
Con_ID: 3
Source: con_id 3 at CDB1_ASH
Transport Lag: 32 seconds (computed 21 seconds ago)
Apply Lag: 32 seconds (computed 21 seconds ago)
Intended State: APPLY-ON
Apply State: Running
Apply Instance: CDB2
Average Apply Rate: 1592 KByte/s
Real Time Query: OFF
Pluggable Database Status:
SUCCESS


DGMGRL> SHOW ALL PLUGGABLE DATABASE AT CDB1_ASH;
PDB Name PDB ID Data Guard Role Data Guard Partner
CDB1_PDB1 3 Primary CDB1_PDB1 (con_id 3) at CDB2_sj
CDB1_PDB2 4 None None

DGMGRL> SHOW ALL PLUGGABLE DATABASE AT CDB2_sj;
PDB Name PDB ID Data Guard Role Data Guard Partner
CDB1_PDB1 3 Physical Standby CDB1_PDB1 (con_id 3) at CDB1_ash
CDB2_PDB3 4 None None
CDB2_PDB4 5 None None

DGMGRL> VALIDATE PLUGGABLE DATABASE CDB1_PDB1 at CDB2_sj;
Ready for Switchover: NO
Data Guard Role: Physical Standby
Apply State: Waiting for Redo Data
Standby Redo Log Files: 3
Source: CDB1_PDB1 (con_id 3) at CDB1_ASH


sqlplus /@CDB2_sj as sysdba

SQL> show pdbs
CON_ID CON_NAME OPEN MODE RESTRICTED
--------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO
3 CDB1_PDB1 MOUNTED
4 CDB2_PDB3 READ WRITE NO
5 CDB2_PDB4 READ WRITE NO

工作 2:( 選擇性 ) 在 PDB 層次設定 Oracle Data Guard,從 CDB2 到 CDB1

如果想要將 Oracle Data Guard 從 CDB2 設定成 CDB1 (亦即雙向),這是選擇性作業。

主要 PDB:CDB2_PDB3 AT CDB2_SJ

待命 PDB:CDB2_PDB3 AT CDB1_ASH

注意:我們只需要將來源和目標 CDB 或 PDB 變更,然後將工作 1.7 重複到 1.11。

  1. 設定來源 PDB 的 Oracle Data Guard 保護。

    dgmgrl /@CDB2_SJ
    DGMGRL> ADD PLUGGABLE DATABASE CDB2_PDB3 AT CDB1_ASH SOURCE IS CDB2_PDB3 AT CDB2_sj PDBFILENAMECONVERT IS "'+DATA/CDB2_sj','+DATA/CDB1_ash'" 'keystore IDENTIFIED BY "WelC0me_123#"';
    
  2. 將資料檔複製到目的地。

    [oracle@sjCDB2 ~\]$ rman target sys/WelC0me_123#@CDB2_sj auxiliary sys/WelC0me_123#@CDB1_ash
    
  3. 引入 TDE 金鑰。

    Export / Import CDB/PDB key from CDB2 to CDB1
    
  4. 新增 DG PDB 的待命重做日誌並進行驗證。

  5. 將待命資料庫的狀態變更為 APPLY-ON

    DGMGRL> SHOW ALL PLUGGABLE DATABASE AT CDB1_ash;
    PDB Name PDB ID Data Guard Role Data Guard Partner
    CDB1_PDB1 3 Primary CDB1_PDB1 (con_id 3) at CDB2_sj
    VMDB1_PDB2 4 None None
    VMDB2_PDB3 6 Physical Standby VMDB2_PDB3 (con_id 4) at CDB2_sj
    
    DGMGRL> SHOW ALL PLUGGABLE DATABASE AT CDB2_sj;
    PDB Name PDB ID Data Guard Role Data Guard Partner
    CDB1_PDB1 3 Physical Standby CDB1_PDB1 (con_id 3) at CDB1_ash
    VMDB2_PDB3 4 Primary VMDB2_PDB3 (con_id 6) at CDB1_ash
    VMDB2_PDB4 5 None None
    DGMGRL>
    

作業 3:切換可插拔資料庫

使用 Oracle Data Guard 中介 DGMGRL 反向來源 PDB 及其指定目標 PDB 的角色。容器層級沒有影響。

  1. 執行切換。

    [oracle@ashCDB1 ~]$ dgmgrl /@CDB1_ash
    DGMGRL> VALIDATE PLUGGABLE DATABASE CDB1_PDB1 at CDB2_sj;
    
    Ready for Switchover:    NO
    
    Data Guard Role:         Physical Standby
    Apply State:             Not Running
    Standby Redo Log Files:  3
    Source:                  CDB1_PDB1 (con_id 3) at CDB1_ASH
    
    DGMGRL> SWITCHOVER TO PLUGGABLE DATABASE CDB1_PDB1 at CDB2_sj;
    Performing switchover NOW, please wait...
    Switchover succeeded, new primary is "CDB1_pdb1"
    DGMGRL>
    
  2. 開啟新 PDB 以開啟模式。

    sqlplus /@CDB2_sj
    SQL> alter pluggable database CDB1_PDB1 open;
    Pluggable database altered.
    
    SQL> show pdbs
    
        CON_ID CON_NAME                       OPEN MODE  RESTRICTED
    ---------- ------------------------------ ---------- ----------
            2 PDB$SEED                      READ ONLY  NO
            3 CDB1_PDB1                     READ WRITE NO
            4 CDB2_PDB3                     READ WRITE NO
            5 CDB2_PDB4                     READ WRITE NO
    
    DGMGRL>  show pluggable database CDB1_PDB1 at CDB2_SJ;
    Pluggable database - CDB1_PDB1 at CDB2_sj
    
    Data Guard Role:     Primary
    Con_ID:              3
    Active Target:       con_id 3 at CDB1_ASH
    
    Pluggable Database Status:
    SUCCESS
    
    DGMGRL> show pluggable database CDB1_PDB1 at CDB1_ASH;
    
    Pluggable database - CDB1_PDB1 at CDB1_ash
    
    Data Guard Role:     Physical Standby
    Con_ID:              3
    Source:              con_id 3 at CDB2_SJ
    Transport Lag:       1 minute (computed 59 seconds ago)
    Apply Lag:           1 minute 35 seconds (computed 59 seconds ago)
    Intended State:      APPLY-ON
    Apply State:         Not Running
    
    Pluggable Database Status:
    ORA-16766: Redo Apply is stopped.
    ORA-28374: typed master key not found in wallet
    
  3. 將加密金鑰 (僅限 CDB) 從新來源匯出至新目標。

    SQL> ADMINISTER KEY MANAGEMENT EXPORT ENCRYPTION KEYS WITH SECRET "export_secret" TO '/tmp/CDB2_CDB_key' FORCE KEYSTORE IDENTIFIED BY "WelC0me_123#";
    keystore altered.
    
    Import them into the target database
    [opc@sjCDB2 tmp]$ chmod 777 mydbkey mydbkeypdb1
    
    SQL> ADMINISTER KEY MANAGEMENT IMPORT KEYS WITH SECRET "export_secret" FROM '/tmp/CDB2_CDB_key' force keystore IDENTIFIED BY "WelC0me_123#" WITH BACKUP;
    keystore altered.
    
  4. 新的待命重做日誌。

    DGMGRL> EDIT PLUGGABLE DATABASE CDB2_PDB2 AT CDB2_sj SET STATE='APPLY-OFF';
    Succeeded.
    
    sqlplus /@CDB1_ash
    
    SQL> show pdbs
    
        CON_ID CON_NAME                       OPEN MODE  RESTRICTED
    
            2 PDB$SEED                      READ ONLY  NO
            3 CDB1_PDB1                     MOUNT NO
            4 CDB1_PDB2                     READ WRITE NO
    
    SQL> alter session set container=CDB1_PDB1;
    Session altered.
    
    SQL> select group#,thread#,bytes from v$standby_log;
    no rows selected
    
    SQL> ALTER DATABASE ADD STANDBY LOGFILE;
    Database altered.
    SQL> /
    Database altered.
    SQL> /
    Database altered.
    
    SQL> select group#,thread#,bytes from v$standby_log;
    GROUP# THREAD# BYTES
    
            1          0  104857600
            2          0  104857600
            3          0  104857600
    
    DGMGRL> EDIT PLUGGABLE DATABASE CDB1_PDB1 AT CDB1_ash SET STATE='APPLY-OFF';
    Succeeded.
    DGMGRL> EDIT PLUGGABLE DATABASE CDB1_PDB1 AT CDB1_ash SET STATE='APPLY-ON';
    Succeeded.
    DGMGRL>
    

作業 4:容錯移轉可插拔資料庫

進行容錯移轉時,指定的目標 PDB 會變更為來源角色。如果原始來源容器資料庫與其他 PDB 均正常運作,則必須先將 PDB 復原為目標 PDB,才能套用來自新來源 PDB 的任何重做。

$dgmgrl /@CDB1_ash

DGMGRL> show all pluggable database at CDB1_ash;
PDB Name PDB ID Data Guard Role Data Guard Partner
CDB1_PDB1 3 Primary CDB1_PDB1 (con_id 3) at CDB2_sj
VMDB1_PDB2 4 None None
VMDB2_PDB3 6 Physical Standby VMDB2_PDB3 (con_id 4) at CDB2_sj

DGMGRL> FAILOVER TO PLUGGABLE DATABASE CDB1_PDB1 at CDB2_sj;
Performing failover NOW, please wait...
Failover succeeded, new primary is "CDB1_PDB1".
DGMGRL>

DGMGRL> show pluggable database CDB1_PDB1 at CDB2_sj
Pluggable database - CDB1_PDB1 at CDB2_sj
Data Guard Role: Primary
Con_ID: 3
Active Target: con_id 3 at CDB1_ASH needs to be reinstated
Pluggable Database Status:

DGM-17450: not protected

DGMGRL> show pluggable database CDB1_PDB1 at CDB1_ash;
Pluggable database - CDB1_PDB1 at CDB1_ash
Data Guard Role: Physical Standby
Con_ID: 3
Source: (unknown)
Pluggable Database Status:

ORA-16661: The standby database must be reinstated.

DGMGRL> EDIT PLUGGABLE DATABASE CDB1_PDB1 AT CDB1_ash SET STATE='APPLY-OFF';
Succeeded.
DGMGRL> EDIT PLUGGABLE DATABASE CDB1_PDB1 AT CDB1_ash SET STATE='APPLY-ON';
Succeeded.

DGMGRL> show pluggable database CDB1_PDB1 at CDB1_ash;
Pluggable database - CDB1_PDB1 at CDB1_ash
Data Guard Role: Physical Standby
Con_ID: 3
Source: con_id 3 at CDB2_SJ
Transport Lag: 5 minutes 48 seconds (computed 21 seconds ago)
Apply Lag: (unknown)
Intended State: APPLY-ON
Apply State: Running
Apply Instance: VMDB1
Average Apply Rate: (unknown)
Real Time Query: OFF
Pluggable Database Status:
SUCCESS

作業 5:移除 DG PDB 組態

執行下列命令以移除組態。

[oracle@ashCDB1 ~\]$ dgmgrl /@CDB1_ash

DGMGRL> REMOVE PLUGGABLE DATABASE CDB2_PDB3 AT CDB1_ASH REMOVE DATAFILES;
Pluggable Database 'CDB1_PDB1' removed.

DGMGRL> SHOW PLUGGABLE DATABASE CDB2_PDB3 AT CDB1_ASH;
No pluggable databases at database 'CDB2_SJ'

DGMGRL> REMOVE CONFIGURATION CDB1_ASH;
Succeeded.

DGMGRL> SHOW CONFIGURATION;
Configuration - Boston
Protection Mode: MaxPerformance
Members:
CDB1_ASH - Primary database
Fast-Start Failover: Disabled
Configuration Status:
SUCCESS (status updated 25 seconds ago)

認可

其他學習資源

瀏覽 docs.oracle.com/learn 的其他實驗室,或前往 Oracle Learning YouTube 頻道存取更多免費學習內容。此外,請造訪 education.oracle.com/learning-explorer 以成為 Oracle Learning Explorer。

如需產品文件,請造訪 Oracle Help Center