原 Oracle 12c的DG自动同步密码文件--ASM 新特性:共享密码文件
相关配置SQL
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 | orapwd file='+data/lhrdbPRI/password/orapwlhrdbpri' force=y dbuniquename=lhrdbpri format=12 sys=oracle sysbackup=oracle sysdg=oracle syskm=oracle orapwd input_file='+data/lhrdbPRI/password/orapwlhrdbpri' file='+ocr/asm/password/orapwASM' asm=y force=y srvctl config db -d lhrdbpri -a srvctl modify db -d lhrdbpri -pwfile '+data/lhrdbPRI/password/orapwlhrdbpri' ---密码文件 linux区分$ORACLE_SID大小写 sysdba select* from v$pwfile_users; --linux:orapw+$ORACLE_SID --windows: pwd+$ORACLE_SID.ora --密码文件存放在ASM中: orapwd file='+data/lhrracphy/PASSWORD/pwdlhrracphy' force=y dbuniquename=lhrracphy format=12 password=lhr orapwd file='+data' force=y dbuniquename=lhrracphy format=12 password=lhr orapwd file='+data/lhrdbPRI/password/orapwlhrdbpri' force=y dbuniquename=lhrdbpri format=12 sys=oracle sysbackup=oracle sysdg=oracle syskm=oracle --使用老密码文件替换新密码文件 orapwd input_file='+data/lhrdbPRI/password/orapwlhrdbpri' file='+ocr/asm/password/orapwASM' force=y orapwd input_file='+data/lhrdbPRI/password/orapwlhrdbpri' file='+ocr/asm/password/orapwASM' asm=y force=y --备份密码文件 ASMCMD> pwcopy pwdorcl.378.98780432 /home/grid/ --配置数据库的密码文件 srvctl config db -d lhrdbpri -a srvctl modify db -d lhrdbpri -pwfile '+data/lhrdbPRI/password/orapwlhrdbpri' oradim -NEW -sid orcl9i -INTPWD admin -pfile d:\oracle\ora90\database\initstorm.ora; C:\Users\Administrator> orapwd file="E:\oracle\ora8i\DATABASE\PWDortest.ORA" password=lhr [oracle@robinson dbs]$ orapwd file=$ORACLE_HOME/dbs/orapworcl password=oracle force=y asmcmd同样也可以创建密码文件: $ asmcmd ASMCMD> pwcreate ASMCMD [+] > pwcreate --asm +DG/mydir/mypwfile 'oracle' -f --format 12 ASMCMD [+] > pwcreate --dbuniquename racdb +DG/mydir/mypwfile 'oracle' -f --format 12 其它命令: pwcreate、pwdelete、pwcopy、pwmove、pwset、pwget ASMCMD> pwget --dbuniquename lhrdbpri +data/lhrdbPRI/password/orapwlhrdbpri ASM存储密码文件前提条件是ASM磁盘组的 COMPATIBLE.ASM>= 12.1 select name,compatibility from v$asm_diskgroup; -- create new password in ASM orapwd file='+data/ASM/orapwasm' asm=y -- create new password in ASM from location orapwd input_file='/oraclegrid/dbs/orapwasm' file='+data/ASM/orapwasm'[asm=y] -- move password file from A asm diskgroup to another ASMCMD> pwmove --asm +CRS/asm/password/orapwasm +data/orapwasm |
oracle 11g 12c dg环境 SYS密码同步的问题
When password file is used for Redo Transport Authentication, the password of redo transport user should be same across primary and all its physical and snapshot standby databases. By default SYS user is used to authenticate redo transport sessions when password file is used.
Till 12cR1 Dataguard setup, if there is a change in password file of Primary database like Changes in password or Changes in admin privileges, then the password file needs to be copied from Primary database to standby database server and rename it according to standby database Instance name. If the password file of Primary and Standby databases are not same, then errors will be seen.
In 12cR2, the password file of standby database gets synchronized automatically when there is a change in Primary database password file. The password file change of Primary will be included in Redo and when the Redo is applied to standby, the synchronization happens in the background.
1 、 11g中口令文件并不能实现存放于asm共享访问,修改SYS密码,需要再每个RAC节点手动实施同步 ,同样备库的口令文件也要手动进行更新覆盖
2、12.1版本可以实现口令文件ASM共享存储,RAC中只需要一个节点执行alter user sys 就可以实现主库所有节点同步,这点是11g中无法实现。但是备库中口令文件依然需要手动同步主库的口令文件过来覆盖
3 、12.2版本oracle在口令文件ASM共享存储的前提下,实现了口令文件自动同步主备所有节点
MOS ---
Automatic Password file synchronization in 12.2 Dataguard Standby database
Data Guard Standby Automatic Password file Synchronization in 12.2 (文档 ID 2307365.1)
This feature automatically synchronizes password files across Oracle Data Guard configurations. When the passwords of SYS, SYSDG, and so on, are changed, the password file at the primary database is updated and then the changes are propagated to all standby databases in the configuration.
该特性自动同步Oracle数据保护配置中的密码文件。当SYS、SYSDG等的密码发生更改时,主数据库中的密码文件被更新,然后将更改传播到配置中的所有备用数据库。
This feature provides additional automation that further simplifies management of Oracle Data Guard configurations.
这个特性提供了额外的自动化,进一步简化了Oracle数据保护配置的管理。
Redo Transport Authentication Using a Password File
In an Oracle Data Guard configuration, all physical and snapshot standby databases must use a copy of the password file from the primary database. That copy is automatically refreshed whenever an administrative privilege (SYSDG, SYSOPER, SYSDBA, and so on) is granted or revoked, and after the password of any user with administrative privileges is changed. The only exception to this is far sync instances. Updated password files must still be manually copied to far sync instances because far sync instances receive redo, but do not apply it. Once the password file is up-to-date at the far sync instance the redo containing the password update at the primary is automatically propagated to any standby databases that are set up to receive redo from that far sync instance. The password file is updated on the standby when the redo is applied.
在Oracle数据保护配置中,所有物理和快照备用数据库必须使用来自主数据库的密码文件副本。当管理员权限(SYSDG、SYSOPER、SYSDBA等)被授予或撤销时,该副本将自动刷新,并且任何具有管理员权限的用户的密码发生更改后,该副本将自动刷新。唯一的例外是far sync instances。更新的密码文件必须手动复制到far sync instances,因为far sync instances接收重做,但不应用它。一旦密码文件在远同步实例中是最新的,那么在主服务器上包含密码更新的重做就会自动传播到任何准备far sync instances接收重做的备用数据库。在应用重做时,在备用服务器上更新密码文件。
参考
https://uhesse.com/2017/01/10/auto-sync-for-password-files-in-oracle-12c-data-guard/
Data Guard Standby Automatic Password file Synchronization in 12.2 (文档 ID 2307365.1)
APPLIES TO:
Oracle Database - Enterprise Edition - Version 12.2.0.1 and later
Information in this document applies to any platform.
GOAL
Automatic Password file synchronization in 12.2 Dataguard Standby database
SOLUTION
When password file is used for Redo Transport Authentication, the password of redo transport user should be same across primary and all its physical and snapshot standby databases. By default SYS user is used to authenticate redo transport sessions when password file is used.
Till 12cR1 Dataguard setup, if there is a change in password file of Primary database like Changes in password or Changes in admin privileges, then the password file needs to be copied from Primary database to standby database server and rename it according to standby database Instance name. If the password file of Primary and Standby databases are not same, then errors will be seen.
In 12cR2, the password file of standby database gets synchronized automatically when there is a change in Primary database password file. The password file change of Primary will be included in Redo and when the Redo is applied to standby, the synchronization happens in the background.
Exception: Far-sync Instances (where the redo will not be applied). We need to manually copy the password file. Once the password file is sync at Far-Sync instance, the redo having password file information will get transmitted to standby which are suppose to receive from Far-sync instance.
