Agora que já fizemos a instalação do GoldenGate MicroServices Architecture nesse post aqui, vamos fazer o nosso primeiro deploy, que vai junto o service manager.
Vamos configurar as variáveis de ambiente, veja um exemplo e modifique conforme a sua necessidade:
export ORACLE_HOME=database_install_location
export OGG_HOME=ogg_install_location
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:$LD_LIBRARY_PATH
export TNS_ADMIN=$ORACLE_HOME/network/admin
export PATH=$OGG_HOME/bin:$PATH
export ORACLE_SID=ORCL
## to setup a secure environment
export JAVA_HOME=$OGG_HOME/jdk
Primeiro, vamos criar o nosso response file que será utilizado na instalação em modo silent. Altere conforme a sua necessidade:
oracle.install.responseFileVersion=/oracle/install/rspfmt_oggca_response_schema_v19_1_0
CONFIGURATION_OPTION=ADD
DEPLOYMENT_NAME=oraclepress
ADMINISTRATOR_USER=admin
ADMINISTRATOR_PASSWORD=Oracle123!
SERVICEMANAGER_DEPLOYMENT_HOME=/u01/app/oracle/product/19.1.0/oggsm_1
HOST_SERVICEMANAGER=guob.fiap
PORT_SERVICEMANAGER=9001
SECURITY_ENABLED=true
STRONG_PWD_POLICY_ENABLED=true
CREATE_NEW_SERVICEMANAGER=true
REGISTER_SERVICEMANAGER_AS_A_SERVICE=true
INTEGRATE_SERVICEMANAGER_WITH_XAG=false
EXISTING_SERVICEMANAGER_IS_XAG_ENABLED=false
OGG_SOFTWARE_HOME=/u01/app/oracle/product/19.1.0/oggma_1
OGG_DEPLOYMENT_HOME=/u01/app/oracle/product/19.1.0/ogg_oraclepress
OGG_ETC_HOME=
OGG_CONF_HOME=
OGG_SSL_HOME=
OGG_VAR_HOME=
OGG_DATA_HOME=
ENV_ORACLE_HOME=/u01/app/oracle/product/19.0.0/dbhome_1
ENV_LD_LIBRARY_PATH=${ORACLE_HOME}/lib:/u01/app/oracle/product/19.0.0/dbhome_1/lib
ENV_TNS_ADMIN=/u01/app/oracle/product/19.0.0/dbhome_1/network/admin
ENV_ORACLE_SID=orcl
ENV_STREAMS_POOL_SIZE=
ENV_USER_VARS=
CIPHER_SUITES=TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
SERVER_WALLET=/home/oracle/wallet/guob.fiap
SERVER_CERTIFICATE=
SERVER_CERTIFICATE_KEY_FILE=
SERVER_CERTIFICATE_KEY_FILE_PWD=
CLIENT_WALLET=/home/oracle/wallet/distclient
CLIENT_CERTIFICATE=
CLIENT_CERTIFICATE_KEY_FILE=
CLIENT_CERTIFICATE_KEY_FILE_PWD=
SHARDING_ENABLED=false
SHARDING_USER=
ADMINISTRATION_SERVER_ENABLED=true
PORT_ADMINSRVR=9002
DISTRIBUTION_SERVER_ENABLED=true
PORT_DISTSRVR=9003
NON_SECURE_DISTSRVR_CONNECTS_TO_SECURE_RCVRSRVR=false
RECEIVER_SERVER_ENABLED=true
PORT_RCVRSRVR=9004
METRICS_SERVER_ENABLED=true
METRICS_SERVER_IS_CRITICAL=false
PORT_PMSRVR=9005
UDP_PORT_PMSRVR=9006
PMSRVR_DATASTORE_TYPE=BDB
PMSRVR_DATASTORE_HOME=
OGG_SCHEMA=GGADMIN
Na instalação acima eu fiz o deploy secure, ou seja, com certificados/wallet e será acessado via HTTPS e não HTTP. Se esse for o seu caso, será necessário criar wallet e certificados. Criei um script simples para essa tarefa, crie um arquivo com a extensão sh com o seguinte conteúdo:
#!/bin/sh
##variables
vhostnames=$(hostname -s)
vhostnamef=$(hostname -f)
### ROOT CA ###
#create the root_ca automatic login wallet
orapki wallet create -wallet root_ca -auto_login -pwd $1
#create a new self signed certificato for the root user an add it to the root_ca wallet
orapki wallet add -wallet root_ca -dn "CN=RootCA" -keysize 2048 -self_signed -validity 7300 -sign_alg sha256 -pwd $1
#export the root certificate
orapki wallet export -wallet root_ca -dn "CN=RootCA" -cert rootCA_Cert.pem -pwd $1
###CREATE THE SERVER WALLET###
#create automatic login server wallet
orapki wallet create -wallet $vhostnames -auto_login -pwd $1
#add a certificate signing request csr to the server's wallet
orapki wallet add -wallet $vhostnames -dn "CN=$vhostnamef" -keysize 2048 -pwd $1
#export the crs
orapki wallet export -wallet $vhostnames -dn "CN=$vhostnamef" -request "$vhostnamef"_req.pem -pwd $1
#create a signed server or client certificate and sign it using the root certificate
orapki cert create -wallet root_ca -request "$vhostnamef"_req.pem -cert "$vhostnamef"_Cert.pem -serial_num 20 -validity 365 -sign_alg sha256 -pwd $1
#add the root certificate into client's or server' wallet as trusted certificate
orapki wallet add -wallet $vhostnames -trusted_cert -cert rootCA_Cert.pem -pwd $1
#add thr server certificate as a user certificate into the servers wallet
orapki wallet add -wallet $vhostnames -user_cert -cert "$vhostnamef"_Cert.pem -pwd $1
###DISTRIBUITION WALLET###
#create dist_client automatic login client wallet
orapki wallet create -wallet distclient -auto_login -pwd $1
#add a csr to the wallet
orapki wallet add -wallet distclient -dn "CN=$vhostnamef" -keysize 2048 -pwd $1
#export the CSR
orapki wallet export -wallet distclient -dn "CN=$vhostnamef" -request distclient_req.pem -pwd $1
#create a signed client certificate and sign it using the root certificate
orapki cert create -wallet root_ca -request distclient_req.pem -cert distclient_Cert.pem -serial_num 30 -validity 375 -sign_alg sha256 -pwd $1
#add the root certificate as a trusted certifcate
orapki wallet add -wallet distclient -trusted_cert -cert rootCA_Cert.pem -pwd $1
#add the client certificate as a user certificate into the client's or server's wallet
orapki wallet add -wallet distclient -user_cert -cert distclient_Cert.pem -pwd $1
Agora é só executar esse script com um parâmetro, a senha das wallets. Se você criou o script wallet.sh, seria apenas executar da seguinte maneira:
./wallet.sh Oracle123
Certificados e wallets serão criados no diretório atual, então, só criar um diretório específico para isso.
Agora, só executar o oggca.sh:
$ oggca.sh -silent -responseFile /home/oracle/oggca.rsp
Oracle GoldenGate Service Manager for Oracle
Version 19.1.0.0.4 OGGCORE_19.1.0.0.0_PLATFORMS_191017.1054
Copyright (C) 1995, 2019, Oracle and/or its affiliates. All rights reserved.
Linux, x64, 64bit (optimized) on Oct 17 2019 14:47:09
Operating system character set identified as UTF-8.
In order to register Service Manager as a system service/daemon, as a "root" user, execute the following script:
(1). /u01/app/oracle/product/19.1.0/oggsm_1/bin/registerServiceManager.sh
To execute the configuration scripts:
1.Open a terminal window
2.Login as "root"
3.Run the script
Successfully Setup Software.
Veja que foi solicitado executar um script como root, execute e o processo como todo será finalizado.
Acesse agora via browser utilizando HTTP ou HTTPS, se o deploy foi secure ou non secure, hostname ou ip, juntamente com a porta do service manager. Veja o meu caso:
E para acessar via adminclient, que é o ggsci da MA:
[oracle@guob ~]$ export OGG_CLIENT_TLS_CAPATH=/home/oracle/wallet/rootCA_Cert.pem
[oracle@guob ~]$ adminclient
Oracle GoldenGate Administration Client for Oracle
Version 19.1.0.0.4 OGGCORE_19.1.0.0.0_PLATFORMS_191017.1054
Copyright (C) 1995, 2019, Oracle and/or its affiliates. All rights reserved.
Linux, x64, 64bit (optimized) on Oct 17 2019 14:43:45
Operating system character set identified as UTF-8.
OGG (not connected) 1> connect https://192.168.50.163:9001 deployment oraclepress as admin
Password for 'admin' at 'https://192.168.50.163:9001':
OGG (https://192.168.50.163:9001 oraclepress) 2> info all
Program Status Group Type Lag at Chkpt Time Since Chkpt
ADMINSRVR RUNNING
DISTSRVR RUNNING
PMSRVR RUNNING
RECVSRVR RUNNING
Pronto, finalizado. A partir de agora veremos como utilziar o GoldenGate na MicroServices Architecture!
A variável de ambiente OGG_CLIENT_TLS_CAPATH é necessária para se conectar via adminclient em um secure deploy.
Olá Tércio, parabéns pela série de posts sobre Golden Gate, obrigado por compartilhar esse conhecimento prático.
CurtirCurtir
Muito obrigado Flávio!
CurtirCurtir