• OGG 12.1: WARNING OGG-00936 Access denied (request from xxxx, rule #0)


    一、报错

    Ogg12.1版本,DB11.2.0.4
    
    安装OGG软件后,MGR进程看起来是running状态,后续配置抽取进程无法启动,观察mgr进程日志显示上述报错!!!
    
     OGG 12.2: WARNING OGG-00936 Access denied (request from xxxx, rule #0)
    OGG MGR参数配置
    
    ACCESSRULE,PROG SERVER,ALLOW

    二、问题处理

    2.1 MOS 2095174.1

    OGG无法启动和停止MGR的使用!!!
    OGG 12.2: WARNING OGG-00936 Access denied (request from xxxx, rule #0) (Doc ID 2095174.1) APPLIES TO: Oracle GoldenGate - Version 12.1.2.1.1 and later Information in this document applies to any platform. SYMPTOMS In ogg version 12.2, by default, the manager (and related extract/replicat) cannot be stopped/started remotely. 1. start manager from a shared drive, then try to stop from another server with same shared directory (like different RAC nodes) 2. start direct initial load. error: WARNING OGG-00936 Access denied (request from xxxx, rule #0) ERROR OGG-01201 Error reported by MGR : Access denied. CAUSE In ogg version 12.2, by default, the manager (and related extract/replicat) cannot be stopped/started remotely. SOLUTION The manager parameter ACCESSRULE can be used to control connection access to the Manager process and the processes under its control. It can be specified in the manager parameter file (the default location for the Oracle GoldenGate parameter files is the dirprm sub-directory
    of the Oracle GoldenGate directory) ACCESSRULE, PROG
    *, IPADDR *, ALLOW
    按照MOS的建议,调整后,kill mgr,start mgr 恢复使用! 但是为什么无法启动停止MGR呢??? 这个参数代表什么含义?

    2.2 参数说明

    https://docs.oracle.com/en/middleware/goldengate/core/19.1/reference/accessrule.html#GUID-6C74776D-2E05-429A-8B86-EBE882B4CF49
    ACCESSRULE
    Valid for Manager
    以控制连接访问管理器进程,并在其控制下的过程。
    Use ACCESSRULE to control connection access to the Manager process and the processes under its control. You can establish multiple
    rules by specifying multiple ACCESSRULE statements
    in the parameter file and control their priority. There is no limit to the number
    of rules that you can specify. To establish priority, you can either list the rules in order from most important to least important,
    or you can explicitly set the priority of each rule with the PRI option. Default None 程序名称 PROG program_name 配置访问规则适用于MGR的启动、停止、或者Kill,*统配符号,代表指定上述所有操作! Specifies connection security for a specific Oracle GoldenGate program or multiple programs specified with a wildcard. If one of these
    options is not specified, the access rule applies to all programs that Manager starts, stops, or kills. Valid values: GGSCI: Secures access to the GGSCI command-line interface. GUI: Secures access to Oracle GoldenGate from the Activity Console. MGR | MANAGER: Secures access to all inter-process commands controlled by Manager, such as START, STOP, and KILL REPLICAT: Secures connection to the Replicat process. COLLECTOR | SERVER: Secures the ability to dynamically create a Collector process. * (asterisk): Wildcard. Use a wildcard to specify all of the preceding options. IPADDR address 允许指定IP的主机,访问MGR Permits access to Manager from the host with the specified IP address. 优先规则 PRI rule 为每个ACCESSRULE访问语句指定优先级别,有效值1-99,1是优先级别最高! Specifies a priority for each ACCESSRULE statement. Valid values are from 1 through 99, with 1 being the highest priority and 99 being
    the lowest. Rules that have priorities assigned can appear in any order in the parameter file. login_ID 允许基于用户密码的访问,此参数需要指定USER and PASSWORD选项,或者使用秘钥 Permits access based on a user password. This option requires specifying USER and PASSWORD options with the RMTHOST parameter. The syntax for login_ID is: USER user, PASSWORD password, [ENCRYPTKEY keyname] Valid values: user : The user specified with the USER option of the RMTHOST parameter. password: The password specified with the PASSWORD option of the RMTHOST parameter. keyname: Optional. Specifies an encryption key in the ENCKEYS file. When ENCRYPTKEY keyname is used as part of the login ID, Oracle GoldenGate looks up the key in the ENCKEYS file on the target system and
    uses it to decrypt the corresponding password. If the decrypted password matches the password supplied with the password portion of the
    login ID option, the rule passes. ALLOW
    | DENY 指定的规则是允许访问还是拒绝访问 Determines whether the rule specified with ACCESSRULE permits or denies access. Either ALLOW or DENY is required. Example 1 以下访问规则允许任何以 IP 地址 205 或节点 194.168.11.102 开头的节点访问请求的服务。所有其他人都被拒绝。 The following access rules allow any nodes that begin with IP address 205 or the node 194.168.11.102 to access the requested services.
    All others are denied. ACCESSRULE, PROG
    *, IPADDR 194.168.11.102, ALLOW ACCESSRULE, PROG *, IPADDR 205.*, ALLOW ACCESSRULE, PROG *, IPADDR *, DENY Example 2 以下访问规则已通过 PRI 选项指定了明确的优先级。这些规则允许任何用户访问收集器进程(SERVER 程序),此外,允许 IP 地址 122.11.12.13 访问 GGSCI 命令。
    拒绝访问所有其他 Oracle GoldenGate 程序。 ACCESSRULE、PROG
    *、DENY、PRI 99ACCESSRULE、PROG SERVER、ALLOW、PRI 1ACCESSRULE、PROG GGSCI、IPADDR 122.11.12.13、PRI 1 Example 3 以下访问规则与示例 2 相同,但它们通过它们在参数文件中的顺序而不是PRI选项来分配优先级。 ACCESSRULE, PROG SERVER, ALLOWACCESSRULE, PROG GGSCI, IPADDR 122.11.12.13 ACCESSRULE, PROG *, DENY Example 4 以下访问规则授予用户JOHN具有访问所有程序的权限。 ACCESSRULE, PROG *, USER JOHN, PASSWORD OCEAN1 Example 5 以下访问规则授予用户 JOHN 访问所有程序的权限,并指定一个加密密钥来解密密码。如果提供的密码与查找文件中的密码PASSWORD匹配ENCKEYS,则授予连接。 ACCESSRULE, PROG *, USER JOHN, PASSWORD OCEAN1, ENCRYPTKEY lookup1

    看完这个参数,我们可以理解,最初的配置是ACCESSRULE,PROG SERVER,ALLOW ,即允许其它人访问,获取Secures the ability to dynamically create a Collector process.
    但是呢? 并没有启动和关闭MGR的能力,因此按照MOS调整后,大家都有stop,start,kill的权限了!!!
    但是这个问题12.2的OGG是没有问题的! 我的测试参数是从12.2 OGG MGR Copy过来的!
  • 相关阅读:
    函数7—递归
    函数6—内置函数
    PHP.6-PHP环境搭建(Windows环境下)-LAMP
    PHP.5-DIV+CSS布局网站首页实例
    PHP.4-DIV+CSS标准网页布局准备工作(下)
    PHP.3-DIV+CSS标准网页布局准备工作(上)
    PHP.2-LAMP平台介绍及网站的工作原理
    小白日记36:kali渗透测试之Web渗透-手动漏洞挖掘(二)-突破身份认证,操作系统任意命令执行漏洞
    PHP.1-网站开发概述
    小白日记35:kali渗透测试之Web渗透-手动漏洞挖掘(一)-默认安装引发的漏洞
  • 原文地址:https://www.cnblogs.com/lvcha001/p/14861035.html
Copyright © 2020-2023  润新知