EZConnect
One of the challenges of automation in bin Oracle Environments is dealing with tnsnames.ora files.
These files might grow big and are sometimes hard to distribute/maintain properly.
The worst is when manual modifications are needed: manual operations, if not made carefully, can screw up the connection to the databases.
The best solution is always using LDAP naming resolution. I have seen customers using OID, OUD, Active Directory, openldapd, all with a great level of control and automation. However, some customer don’t have/want this possibility and keep relying on TNS naming resolution.
When Data Guard (and eventually RAC) are in place, the tnsnames.ora gets filled by entries for the DGConnectIdentifiers and StaticConnectIdentifier. If I add the observer, an additional entry is required to access the dbname_CFG service created by the Fast Start Failover.
Actually, all these entries are not required if I use Easy Connect.
My friend Franck Pachot wrote a couple of nice blog posts about Easy Connect while working with me at CERN:
https://medium.com/@FranckPachot/19c-easy-connect-e0c3b77968d7
Basic Data Guard configuration
The basic configuration with Data Guard is quite simple to achieve with Easy Connect. In this examples I have:
– The primary database TOOLCDB1_SITE1
– The duplicated database for standby TOOLCDB1_SITE2
After setting up the static registration (no Grid Infrastructure in my lab):
1 2 3 4 5 6 7 8 |
SID_LIST_LISTENER= (SID_LIST= (SID_DESC= (GLOBAL_DBNAME=TOOLCDB1_SITE1_DGMGRL) (SID_NAME=TOOLCDB1) (ORACLE_HOME=/u01/app/oracle/product/db_19_8_0) ) ) |
and copying the passwordfile, the configuration can be created with:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
DGMGRL> create configuration TOOLCDB1 as primary database is TOOLCDB1_SITE1 connect identifier is 'newbox01:1521/TOOLCDB1_SITE1'; Configuration "toolcdb1" created with primary database "toolcdb1_site1" DGMGRL> edit database TOOLCDB1_SITE1 set property 'StaticConnectIdentifier'='newbox01:1521/TOOLCDB1_SITE1_DGMGRL'; Property "StaticConnectIdentifier" updated DGMGRL> add database TOOLCDB1_SITE2 as connect identifier is 'newbox02:1521/TOOLCDB1_SITE2'; Database "toolcdb1_site2" added DGMGRL> edit database TOOLCDB1_SITE2 set property 'StaticConnectIdentifier'='newbox02:1521/TOOLCDB1_SITE2_DGMGRL'; Property "StaticConnectIdentifier" updated DGMGRL> enable configuration; Enabled. |
That’s it.
Now, if I want to have the configuration observed, I need to activate the Fast Start Failover:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
DGMGRL> edit database toolcdb1_site1 set property LogXptMode='SYNC'; Property "logxptmode" updated DGMGRL> edit database toolcdb1_site2 set property LogXptMode='SYNC'; Property "logxptmode" updated DGMGRL> edit database toolcdb1_site1 set property FastStartFailoverTarget='toolcdb1_site2'; Property "faststartfailovertarget" updated DGMGRL> edit database toolcdb1_site2 set property FastStartFailoverTarget='toolcdb1_site1'; Property "faststartfailovertarget" updated DGMGRL> edit configuration set protection mode as maxavailability; Succeeded. DGMGRL> enable fast_start failover; Enabled in Zero Data Loss Mode. |
With just two databases, FastStartFailoverTarget is not explicitly needed, but I usually do it as other databases might be added to the configuration in the future.
After that, the broker complains that FSFO is enabled but there is no observer yet:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 |
DGMGRL> show fast_start failover; Fast-Start Failover: Enabled in Zero Data Loss Mode Protection Mode: MaxAvailability Lag Limit: 0 seconds Threshold: 180 seconds Active Target: toolcdb1_site2 Potential Targets: "toolcdb1_site2" toolcdb1_site2 valid Observer: (none) Shutdown Primary: TRUE Auto-reinstate: TRUE Observer Reconnect: 180 seconds Observer Override: FALSE Configurable Failover Conditions Health Conditions: Corrupted Controlfile YES Corrupted Dictionary YES Inaccessible Logfile NO Stuck Archiver NO Datafile Write Errors YES Oracle Error Conditions: (none) DGMGRL> show configuration; Configuration - toolcdb1 Protection Mode: MaxAvailability Members: toolcdb1_site1 - Primary database Warning: ORA-16819: fast-start failover observer not started toolcdb1_site2 - (*) Physical standby database Fast-Start Failover: Enabled in Zero Data Loss Mode Configuration Status: WARNING (status updated 39 seconds ago) |
Observer for multiple configurations
This feature has been introduced in 12.2 but it is still not widely used.
Before 12.2, the Observer was a foreground process: the DBAs had to start it in a wrapper script executed with nohup in order to keep it live.
Since 12.2, the observer can run as a background process as far as there is a valid wallet for the connection to the databases.
Also, 12.2 introduced the capability of starting multiple configurations with a single dgmgrl command: “START OBSERVING”.
For more information about it, you can check the documentation here:
https://docs.oracle.com/en/database/oracle/oracle-database/19/dgbkr/using-data-guard-broker-to-manage-switchovers-failovers.html#GUID-BC513CDB-1E06-4EB3-9FE1-E1331E15E492
How to set it up with Easy Connect?
First, I need a wallet. And here comes the first compromise:
Having a single dgmgrl session to start all my configurations means that I have a single wallet for all the databases that I want to observe.
Fair enough, all the DBs (CDBs?) are managed by the same team in this case.
If I have only observers on my host I can easily point to the wallet from my central sqlnet.ora:
1 2 3 4 5 6 |
WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = /u01/app/oracle/admin/observers/wallet)) ) SQLNET.WALLET_OVERRIDE = TRUE |
Otherwise I need to create a separate TNS_ADMIN for my observer management environment.
Then, I create the wallet:
1 2 3 4 5 6 7 8 |
$ WALLET_DIR=$ORACLE_BASE/admin/observers/wallet $ mkdir -p $WALLET_DIR $ orapki wallet create -wallet $WALLET_DIR -auto_login_local -pwd Password2020 Oracle PKI Tool Release 21.0.0.0.0 - Production Version 21.0.0.0.0 Copyright (c) 2004, 2020, Oracle and/or its affiliates. All rights reserved. Operation is successfully completed. |
Now I need to add the connection descriptors.
Which connection descriptors do I need?
The Observer uses the DGConnectIdentifier to keep observing the databases, but needs a connection to both of them using the TOOLCDB1_CFG service (unless I specify something different with the broker configuration property ConfigurationWideServiceName) to connect to the configuration and get the DGConnectIdentifier information. Again, you can check it in the doc. or the note Oracle 12.2 – Simplified OBSERVER Management for Multiple Fast-Start Failover Configurations (Doc ID 2285891.1)
So I need to specify three secrets for three connection descriptors:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
$ mkstore -wrl "$TNS_ADMIN" -createCredential newbox01,newbox02:1521/TOOLCDB1_CFG sysdg Oracle Secret Store Tool Release 21.0.0.0.0 - Production Version 21.0.0.0.0 Copyright (c) 2004, 2020, Oracle and/or its affiliates. All rights reserved. Your secret/Password is missing in the command line Enter your secret/Password: Re-enter your secret/Password: Enter wallet password: $ mkstore -wrl "$TNS_ADMIN" -createCredential newbox01:1521/TOOLCDB1_SITE1 sysdg Oracle Secret Store Tool Release 21.0.0.0.0 - Production Version 21.0.0.0.0 Copyright (c) 2004, 2020, Oracle and/or its affiliates. All rights reserved. Your secret/Password is missing in the command line Enter your secret/Password: Re-enter your secret/Password: Enter wallet password: $ mkstore -wrl "$TNS_ADMIN" -createCredential newbox02:1521/TOOLCDB1_SITE2 sysdg Oracle Secret Store Tool Release 21.0.0.0.0 - Production Version 21.0.0.0.0 Copyright (c) 2004, 2020, Oracle and/or its affiliates. All rights reserved. Your secret/Password is missing in the command line Enter your secret/Password: Re-enter your secret/Password: Enter wallet password: |
The first one will be used for the initial connection. The other two to observe the Primary and Standby.
I need to be careful that the first EZConnect descriptor matches EXACTLY what I put in observer.ora (see next step) and the last two match my DGConnectIdentifier (unless I specify something different with ObserverConnectIdentifier), otherwise I will get some errors and the observer will not observe correctly (or will not start at all).
The dgmgrl needs then a file named observer.ora.
$ORACLE_BASE/admin/observers or the central TNS_ADMIN would be good locations, but what if I have observers that must be started from multiple Oracle Homes?
In that case, having a observer.ora in $ORACLE_HOME/network/admin (or $ORACLE_BASE/homes/{OHNAME}/network/admin/ if Read-Only Oracle Home is enabled) would be a better solution: in this case I would need to start one session per Oracle Home
The content of my observer.ora must be something like:
1 2 3 4 5 6 7 8 |
BROKER_CONFIGS= ( (CONFIG= (NAME=TOOLCDB1) (CONNECT_ID=newbox01,newbox02:1521/TOOLCDB1_CFG) (CONFIG_HOME=/export/soft/oracle/admin/TOOLCDB1/observer) ) ) |
This is the example for my configuration, but I can put as many (CONFIG=…) as I want in order to observe multiple configurations.
Then, if everything is configured properly, I can start all the observers with a single command:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
DGMGRL> SET OBSERVERCONFIGFILE=/u01/app/oracle/admin/observers/observer.ora DGMGRL> START OBSERVING ObserverConfigFile=observer.ora observer configuration file parsing succeeded Submitted command "START OBSERVER" using connect identifier "newbox01,newbox02:1521/TOOLCDB1_CFG" Check superobserver.log, individual observer logs and Data Guard Broker logs for execution details. DGMGRL> show observers ObserverConfigFile=/u01/app/oracle/admin/observers/observer.ora observer configuration file parsing succeeded Submitted command "SHOW OBSERVER" using connect identifier "newbox01,newbox02:1521/TOOLCDB1_CFG" Connected to "TOOLCDB1_SITE2" Configuration - toolcdb1 Primary: toolcdb1_site1 Active Target: toolcdb1_site2 Observer "newbox03.trivadistraining.com1" - Master Host Name: newbox03.trivadistraining.com Last Ping to Primary: 1 second ago Last Ping to Target: 2 seconds ago |
Troubleshooting
If the observer does not work, sometimes it is not easy to understand the cause.
- Has SYSDG been granted to SYSDG user? Is SYSDG account unlocked?
- Does sqlnet.ora contain the correct wallet location?
- Is the wallet accessible in autologin?
- Are the entries in the wallet correct? (check with “sqlplus /@connstring as sysdg”)
Missing pieces
Here, a few features that I think would be a nice addition in the future:
- Awareness for the ORACLE_HOME to be used for each observer
- Possibility to specify a different TNS_ADMIN per observer (different wallets)
- Integration with Grid Infrastructure (srvctl add observer…) and support for multiple observers
—
Ludovico