Oracle GoldenGate – Deploy an Oracle GoldenGate MA Architecture

Agora que já fizemos a instalação do GoldenGate MicroServices Architecture nesse post aqui, vamos fazer o nosso primeiro deploy, que vai junto o service manager.

Vamos configurar as variáveis de ambiente, veja um exemplo e modifique conforme a sua necessidade:

export ORACLE_HOME=database_install_location
export OGG_HOME=ogg_install_location
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:$LD_LIBRARY_PATH
export TNS_ADMIN=$ORACLE_HOME/network/admin
export PATH=$OGG_HOME/bin:$PATH
export ORACLE_SID=ORCL
## to setup a secure environment
export JAVA_HOME=$OGG_HOME/jdk

Primeiro, vamos criar o nosso response file que será utilizado na instalação em modo silent. Altere conforme a sua necessidade:

oracle.install.responseFileVersion=/oracle/install/rspfmt_oggca_response_schema_v19_1_0
CONFIGURATION_OPTION=ADD
DEPLOYMENT_NAME=oraclepress
ADMINISTRATOR_USER=admin
ADMINISTRATOR_PASSWORD=Oracle123!
SERVICEMANAGER_DEPLOYMENT_HOME=/u01/app/oracle/product/19.1.0/oggsm_1
HOST_SERVICEMANAGER=guob.fiap
PORT_SERVICEMANAGER=9001
SECURITY_ENABLED=true
STRONG_PWD_POLICY_ENABLED=true
CREATE_NEW_SERVICEMANAGER=true
REGISTER_SERVICEMANAGER_AS_A_SERVICE=true
INTEGRATE_SERVICEMANAGER_WITH_XAG=false
EXISTING_SERVICEMANAGER_IS_XAG_ENABLED=false
OGG_SOFTWARE_HOME=/u01/app/oracle/product/19.1.0/oggma_1
OGG_DEPLOYMENT_HOME=/u01/app/oracle/product/19.1.0/ogg_oraclepress
OGG_ETC_HOME=
OGG_CONF_HOME=
OGG_SSL_HOME=
OGG_VAR_HOME=
OGG_DATA_HOME=
ENV_ORACLE_HOME=/u01/app/oracle/product/19.0.0/dbhome_1
ENV_LD_LIBRARY_PATH=${ORACLE_HOME}/lib:/u01/app/oracle/product/19.0.0/dbhome_1/lib
ENV_TNS_ADMIN=/u01/app/oracle/product/19.0.0/dbhome_1/network/admin
ENV_ORACLE_SID=orcl
ENV_STREAMS_POOL_SIZE=
ENV_USER_VARS=
CIPHER_SUITES=TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
SERVER_WALLET=/home/oracle/wallet/guob.fiap
SERVER_CERTIFICATE=
SERVER_CERTIFICATE_KEY_FILE=
SERVER_CERTIFICATE_KEY_FILE_PWD=
CLIENT_WALLET=/home/oracle/wallet/distclient
CLIENT_CERTIFICATE=
CLIENT_CERTIFICATE_KEY_FILE=
CLIENT_CERTIFICATE_KEY_FILE_PWD=
SHARDING_ENABLED=false
SHARDING_USER=
ADMINISTRATION_SERVER_ENABLED=true
PORT_ADMINSRVR=9002
DISTRIBUTION_SERVER_ENABLED=true
PORT_DISTSRVR=9003
NON_SECURE_DISTSRVR_CONNECTS_TO_SECURE_RCVRSRVR=false
RECEIVER_SERVER_ENABLED=true
PORT_RCVRSRVR=9004
METRICS_SERVER_ENABLED=true
METRICS_SERVER_IS_CRITICAL=false
PORT_PMSRVR=9005
UDP_PORT_PMSRVR=9006
PMSRVR_DATASTORE_TYPE=BDB
PMSRVR_DATASTORE_HOME=
OGG_SCHEMA=GGADMIN

Na instalação acima eu fiz o deploy secure, ou seja, com certificados/wallet e será acessado via HTTPS e não HTTP. Se esse for o seu caso, será necessário criar wallet e certificados. Criei um script simples para essa tarefa, crie um arquivo com a extensão sh com o seguinte conteúdo:

#!/bin/sh

##variables
vhostnames=$(hostname -s)
vhostnamef=$(hostname -f)

### ROOT CA ###
#create the root_ca automatic login wallet
orapki wallet create -wallet root_ca -auto_login -pwd $1
#create a new self signed certificato for the root user an add it to the root_ca wallet
orapki wallet add -wallet root_ca -dn "CN=RootCA" -keysize 2048 -self_signed -validity 7300 -sign_alg sha256 -pwd $1
#export the root certificate
orapki wallet export -wallet root_ca -dn "CN=RootCA" -cert rootCA_Cert.pem -pwd $1

###CREATE THE SERVER WALLET###
#create automatic login server wallet
orapki wallet create -wallet $vhostnames -auto_login -pwd $1
#add a certificate signing request csr to the server's wallet
orapki wallet add -wallet $vhostnames -dn "CN=$vhostnamef" -keysize 2048 -pwd $1
#export the crs
orapki wallet export -wallet $vhostnames -dn "CN=$vhostnamef" -request "$vhostnamef"_req.pem -pwd $1
#create a signed server or client certificate and sign it using the root certificate
orapki cert create -wallet root_ca -request "$vhostnamef"_req.pem -cert "$vhostnamef"_Cert.pem -serial_num 20 -validity 365 -sign_alg sha256 -pwd $1
#add the root certificate into client's or server' wallet as trusted certificate
orapki wallet add -wallet $vhostnames -trusted_cert -cert rootCA_Cert.pem -pwd $1
#add thr server certificate as a user certificate into the servers wallet
orapki wallet add -wallet $vhostnames -user_cert -cert "$vhostnamef"_Cert.pem -pwd $1


###DISTRIBUITION WALLET###
#create dist_client automatic login client wallet
orapki wallet create -wallet distclient -auto_login -pwd $1
#add a csr to the wallet
orapki wallet add -wallet distclient -dn "CN=$vhostnamef" -keysize 2048 -pwd $1
#export the CSR
orapki wallet export -wallet distclient -dn "CN=$vhostnamef" -request distclient_req.pem -pwd $1
#create a signed client certificate and sign it using the root certificate
orapki cert create -wallet root_ca -request distclient_req.pem -cert distclient_Cert.pem -serial_num 30 -validity 375 -sign_alg sha256 -pwd $1
#add the root certificate as a trusted certifcate
orapki wallet add -wallet distclient -trusted_cert -cert rootCA_Cert.pem -pwd $1
#add the client certificate as a user certificate into the client's or server's wallet
orapki wallet add -wallet distclient -user_cert -cert distclient_Cert.pem -pwd $1

Agora é só executar esse script com um parâmetro, a senha das wallets. Se você criou o script wallet.sh, seria apenas executar da seguinte maneira:

./wallet.sh Oracle123

Certificados e wallets serão criados no diretório atual, então, só criar um diretório específico para isso.

Agora, só executar o oggca.sh:

$ oggca.sh -silent -responseFile /home/oracle/oggca.rsp
Oracle GoldenGate Service Manager for Oracle
Version 19.1.0.0.4 OGGCORE_19.1.0.0.0_PLATFORMS_191017.1054

Copyright (C) 1995, 2019, Oracle and/or its affiliates. All rights reserved.

Linux, x64, 64bit (optimized) on Oct 17 2019 14:47:09
Operating system character set identified as UTF-8.

In order to register Service Manager as a system service/daemon, as a "root" user, execute the following script:
        (1). /u01/app/oracle/product/19.1.0/oggsm_1/bin/registerServiceManager.sh

To execute the configuration scripts:
  1.Open a terminal window
  2.Login as "root"
  3.Run the script


Successfully Setup Software.

Veja que foi solicitado executar um script como root, execute e o processo como todo será finalizado.

Acesse agora via browser utilizando HTTP ou HTTPS, se o deploy foi secure ou non secure, hostname ou ip, juntamente com a porta do service manager. Veja o meu caso:

E para acessar via adminclient, que é o ggsci da MA:

[oracle@guob ~]$ export OGG_CLIENT_TLS_CAPATH=/home/oracle/wallet/rootCA_Cert.pem
[oracle@guob ~]$ adminclient
Oracle GoldenGate Administration Client for Oracle
Version 19.1.0.0.4 OGGCORE_19.1.0.0.0_PLATFORMS_191017.1054

Copyright (C) 1995, 2019, Oracle and/or its affiliates. All rights reserved.

Linux, x64, 64bit (optimized) on Oct 17 2019 14:43:45
Operating system character set identified as UTF-8.

OGG (not connected) 1> connect https://192.168.50.163:9001 deployment oraclepress as admin
Password for 'admin' at 'https://192.168.50.163:9001':

OGG (https://192.168.50.163:9001 oraclepress) 2> info all
Program     Status      Group       Type             Lag at Chkpt  Time Since Chkpt

ADMINSRVR   RUNNING
DISTSRVR    RUNNING
PMSRVR      RUNNING
RECVSRVR    RUNNING

Pronto, finalizado. A partir de agora veremos como utilziar o GoldenGate na MicroServices Architecture!

A variável de ambiente OGG_CLIENT_TLS_CAPATH é necessária para se conectar via adminclient em um secure deploy.