本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# Oracle Database@ 中零 ETL 整合的先決條件AWS
設定零 ETL 整合之前,請確定您符合下列先決條件。
## 一般先決條件
+ **Oracle Database@AWS setup** – 確認您至少已佈建並執行一個 VM 叢集。
+ **與啟用零 ETL 的整合** – 確保您的 VM 叢集或自治 VM 叢集與啟用零 ETL 的 ODB 網路相關聯。
+ **支援的 Oracle 資料庫版本** – 您必須使用 Oracle Database 19c (Oracle Exadata) 或 Oracle Database 19c/23ai (專用基礎設施上的自主資料庫)。
+ **相同 AWS 區域** – 來源 Oracle 資料庫和目標 Amazon Redshift 叢集必須位於相同 AWS 區域。
## Oracle 資料庫先決條件
您必須使用下列設定來設定 Oracle 資料庫。
### 複寫使用者設定
在您要複寫的每個可插入資料庫 (PDB) 中建立專用複寫使用者:
+ **對於 Oracle Exadata** – `ODBZEROETLADMIN`建立具有安全密碼的使用者。
+ **對於專用基礎設施上的自治資料庫** – 使用現有`GGADMIN`使用者。
將下列許可授予複寫使用者。
```
-- For Autonomous Database on Dedicated Infrastructure only
ALTER USER GGADMIN ACCOUNT UNLOCK;
ALTER USER GGADMIN IDENTIFIED BY {{ggadmin-password}};
-- For Oracle Exadata only
GRANT SELECT ON {{any-replicated-table}} TO "ODBZEROETLADMIN";
GRANT LOGMINING to "ODBZEROETLADMIN";
-- Grant the following permissions to all services.
-- For Oracle Exadata, use the ODBZEROETLADMIN user. For Autonomous Database on Dedicated Infrastructure,
-- use the GGADMIN user.
GRANT CREATE SESSION TO "ODBZEROETLADMIN";
GRANT SELECT ANY TRANSACTION TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$ARCHIVED_LOG TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$LOG TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$LOGFILE TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$LOGMNR_LOGS TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$LOGMNR_CONTENTS TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$DATABASE TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$THREAD TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$PARAMETER TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$NLS_PARAMETERS TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$TIMEZONE_NAMES TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$TRANSACTION TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$CONTAINERS TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_INDEXES TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_OBJECTS TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_TABLES TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_USERS TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_CATALOG TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_CONSTRAINTS TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_CONS_COLUMNS TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_TAB_COLS TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_IND_COLUMNS TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_ENCRYPTED_COLUMNS TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_LOG_GROUPS TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_TAB_PARTITIONS TO "ODBZEROETLADMIN";
GRANT SELECT ON SYS.DBA_REGISTRY TO "ODBZEROETLADMIN";
GRANT SELECT ON SYS.OBJ$ TO "ODBZEROETLADMIN";
GRANT SELECT ON DBA_TABLESPACES TO "ODBZEROETLADMIN";
GRANT SELECT ON DBA_OBJECTS TO "ODBZEROETLADMIN";
GRANT SELECT ON SYS.ENC$ TO "ODBZEROETLADMIN";
GRANT SELECT ON GV_$TRANSACTION TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$DATAGUARD_STATS TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$DATABASE_INCARNATION TO "ODBZEROETLADMIN";
GRANT EXECUTE ON SYS.DBMS_CRYPTO TO "ODBZEROETLADMIN";
GRANT SELECT ON SYS.DBA_DIRECTORIES TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_VIEWS TO "ODBZEROETLADMIN";
GRANT SELECT ON DBA_SEGMENTS TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$TRANSPORTABLE_PLATFORM TO "ODBZEROETLADMIN";
GRANT CREATE ANY DIRECTORY TO "ODBZEROETLADMIN";
GRANT EXECUTE ON DBMS_FILE_TRANSFER TO "ODBZEROETLADMIN";
GRANT EXECUTE ON DBMS_FILE_GROUP TO "ODBZEROETLADMIN";
GRANT EXECUTE on DBMSLOGMNR to "ODBZEROETLADMIN";
GRANT SELECT on V_$LOGMNRLOGS to "ODBZEROETLADMIN";
GRANT SELECT on V_$LOGMNRCONTENTS to "ODBZEROETLADMIN";
GRANT LOGMINING to "ODBZEROETLADMIN";
GRANT SELECT ON GV_$CELL_STATE TO "ODBZEROETLADMIN";
```
### 補充記錄
在您的 Oracle 資料庫上啟用補充記錄,以擷取變更資料。
```
-- Check if supplemental logging is enabled
SELECT supplemental_log_data_min FROM v$database;
-- Enable supplemental logging if not already enabled.
-- For Oracle Exadata, enable supplemental logging on both the CDB and PDB.
-- For Autonomous Database on Dedicated Infrastructure, enable supplemental logging on the PDB only.
ALTER DATABASE ADD SUPPLEMENTAL LOG DATA;
-- For Autonomous Database on Dedicated Infrastructure only
ALTER DATABASE ADD SUPPLEMENTAL LOG DATA (PRIMARY KEY) COLUMNS;
-- Archive current online redo log
ALTER SYSTEM ARCHIVE LOG CURRENT;
```
若要設定 Oracle Database@AWS 與 Amazon Redshift 之間的零 ETL 整合,您必須設定 SSL。
**對於 Oracle Exadata 資料庫**
您必須在連接埠 2484 上手動設定 SSL。此任務包含下列項目:
+ 在 `(PROTOCOL=tcps)(PORT=2484)`中設定 `listener.ora`
+ 使用 設定錢包 `sqlnet.ora`
+ 產生和設定 SSL 憑證 (請參閱 My Oracle Support 文件中的[如何設定 Exadata Cloud Database (ExaCC/ExaCS) (文件 ID 2947301.1)](https://support.oracle.com/knowledge/Oracle%20Database%20Products/2947301_1.html))
**對於自治資料庫**
連接埠 2484 上的 SSL 預設為啟用。不需任何其他設定。
SSL 連接埠固定為 2484。
### AWS 服務先決條件
在設定零 ETL 整合之前,請設定 AWS Secrets Manager 並設定 IAM 許可。
#### 設定 AWS Secrets Manager
將 Oracle 資料庫登入資料儲存在 AWS Secrets Manager 中,如下所示:
1. 在 Key Management Service 中建立客戶受管 AWS 金鑰 (CMK)。
1. 使用 CMK 將資料庫登入資料儲存在 AWS Secrets Manager 中。
1. 設定資源政策以允許 Oracle Database@AWS access。
若要取得 TDE 金鑰 ID 和密碼,請使用[支援加密方法中所述的技術,以使用 Oracle 做為 AWS Database Migration Service 的來源](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.Encryption)。下列命令會產生 base64 錢包。
```
base64 -i cwallet.sso > wallet.b64
```
下列範例顯示 Oracle Exadata 的秘密。對於 {{asm\_service\_name}},{{111.11.11.11}} 代表 VM 節點的虛擬 IP。您也可以向 SCAN 註冊 ASM 接聽程式。
```
{
"database_info": [
{
"name": "ODBDB_ZETLPDB",
"service_name": "ODBDB_ZETLPDB.paas.oracle.com",
"username": "ODBZEROETLADMIN",
"password": "secure_password",
"tde_key_id": "ORACLE.SECURITY.DB.ENCRYPTION.key_id",
"tde_password": "tde_password",
"certificateWallet": "base64_encoded_wallet_content"
}
],
"asm_info": {
"asm_user": "odbzeroetlasm",
"asm_password": "secure_password",
"asm_service_name": "111.11.11.11:2484/+ASM"
}
}
```
下列範例顯示專用基礎設施上自治資料庫的秘密。
```
{
"database_info": [
{
"database_name": "ZETLACD_ZETLADBMORECPU",
"service_name": "ZETLADBMORECPU_high.adw.oraclecloud.com",
"username": "ggadmin",
"password": "{{secure_password}}",
"certificateWallet": "{{base64_encoded_wallet_content}}"
}
]
}
```
#### 設定 IAM 許可
建立允許零 ETL 整合操作的 IAM 政策。下列範例政策允許描述、建立、更新和刪除 Exadata VM 叢集的操作。對於自治 VM 叢集,請使用 值`cloud-autonomous-vm-cluster`,而不是資源 ARN `cloud-vm-cluster`的值。