本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 在 Oracle 数据库中实现零 ETL 集成的先决条件@AWS
在设置零 ETL 集成之前,请确保满足以下先决条件。
## 一般先决条
+ **Oracle Database@AWS 设置** — 确保已配置并运行至少一个虚拟机集群。
+ **已启用零 ETL 集成 — 确保您的虚拟机集群或自治虚拟机群集与**启用了零 ETL 的 ODB 网络相关联。
+ **支持的 Oracle 数据库版本** — 必须使用 Oracle Database 19c(Oracle Exadata)或 Oracle Database 19c/23ai(专用基础设施上的自治数据库)。
+ **相同 AWS 区域** — 源 Oracle 数据库和目标 Amazon Redshift 集群必须位于同一 AWS 区域。
## 甲骨文数据库先决条件
您必须使用以下设置来配置 Oracle 数据库。
### 复制用户设置
在要复制的每个可插拔数据库 (PDB) 中创建一个专用的复制用户:
+ **对于 Oracle Exadata** — 使用安全`ODBZEROETLADMIN`密码创建用户。
+ **对于专用基础架构上的自治数据库**-使用现有`GGADMIN`用户。
向复制用户授予以下权限。
```
-- For Autonomous Database on Dedicated Infrastructure only
ALTER USER GGADMIN ACCOUNT UNLOCK;
ALTER USER GGADMIN IDENTIFIED BY {{ggadmin-password}};
-- For Oracle Exadata only
GRANT SELECT ON {{any-replicated-table}} TO "ODBZEROETLADMIN";
GRANT LOGMINING to "ODBZEROETLADMIN";
-- Grant the following permissions to all services.
-- For Oracle Exadata, use the ODBZEROETLADMIN user. For Autonomous Database on Dedicated Infrastructure,
-- use the GGADMIN user.
GRANT CREATE SESSION TO "ODBZEROETLADMIN";
GRANT SELECT ANY TRANSACTION TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$ARCHIVED_LOG TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$LOG TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$LOGFILE TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$LOGMNR_LOGS TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$LOGMNR_CONTENTS TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$DATABASE TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$THREAD TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$PARAMETER TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$NLS_PARAMETERS TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$TIMEZONE_NAMES TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$TRANSACTION TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$CONTAINERS TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_INDEXES TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_OBJECTS TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_TABLES TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_USERS TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_CATALOG TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_CONSTRAINTS TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_CONS_COLUMNS TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_TAB_COLS TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_IND_COLUMNS TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_ENCRYPTED_COLUMNS TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_LOG_GROUPS TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_TAB_PARTITIONS TO "ODBZEROETLADMIN";
GRANT SELECT ON SYS.DBA_REGISTRY TO "ODBZEROETLADMIN";
GRANT SELECT ON SYS.OBJ$ TO "ODBZEROETLADMIN";
GRANT SELECT ON DBA_TABLESPACES TO "ODBZEROETLADMIN";
GRANT SELECT ON DBA_OBJECTS TO "ODBZEROETLADMIN";
GRANT SELECT ON SYS.ENC$ TO "ODBZEROETLADMIN";
GRANT SELECT ON GV_$TRANSACTION TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$DATAGUARD_STATS TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$DATABASE_INCARNATION TO "ODBZEROETLADMIN";
GRANT EXECUTE ON SYS.DBMS_CRYPTO TO "ODBZEROETLADMIN";
GRANT SELECT ON SYS.DBA_DIRECTORIES TO "ODBZEROETLADMIN";
GRANT SELECT ON ALL_VIEWS TO "ODBZEROETLADMIN";
GRANT SELECT ON DBA_SEGMENTS TO "ODBZEROETLADMIN";
GRANT SELECT ON V_$TRANSPORTABLE_PLATFORM TO "ODBZEROETLADMIN";
GRANT CREATE ANY DIRECTORY TO "ODBZEROETLADMIN";
GRANT EXECUTE ON DBMS_FILE_TRANSFER TO "ODBZEROETLADMIN";
GRANT EXECUTE ON DBMS_FILE_GROUP TO "ODBZEROETLADMIN";
GRANT EXECUTE on DBMSLOGMNR to "ODBZEROETLADMIN";
GRANT SELECT on V_$LOGMNRLOGS to "ODBZEROETLADMIN";
GRANT SELECT on V_$LOGMNRCONTENTS to "ODBZEROETLADMIN";
GRANT LOGMINING to "ODBZEROETLADMIN";
GRANT SELECT ON GV_$CELL_STATE TO "ODBZEROETLADMIN";
```
### 补充日志记录
在 Oracle 数据库上启用补充日志记录以捕获变更数据。
```
-- Check if supplemental logging is enabled
SELECT supplemental_log_data_min FROM v$database;
-- Enable supplemental logging if not already enabled.
-- For Oracle Exadata, enable supplemental logging on both the CDB and PDB.
-- For Autonomous Database on Dedicated Infrastructure, enable supplemental logging on the PDB only.
ALTER DATABASE ADD SUPPLEMENTAL LOG DATA;
-- For Autonomous Database on Dedicated Infrastructure only
ALTER DATABASE ADD SUPPLEMENTAL LOG DATA (PRIMARY KEY) COLUMNS;
-- Archive current online redo log
ALTER SYSTEM ARCHIVE LOG CURRENT;
```
要在 Oracle Database@ 和 Amazon AWS Redshift 之间设置零 ETL 集成,您必须配置 SSL。
**对于 Oracle Exadata 数据库**
您必须在端口 2484 上手动配置 SSL。此任务涉及以下内容:
+ `(PROTOCOL=tcps)(PORT=2484)`在中进行配置 `listener.ora`
+ 使用设置钱包 `sqlnet.ora`
+ 生成和配置 SSL 证书(请参阅 My Oracle Support 文档中的 “[如何配置 SSL/TCPS Exadata 云数据库 (exacc/exacs)(文档 ID 2947301.1](https://support.oracle.com/knowledge/Oracle%20Database%20Products/2947301_1.html))”)
**对于自治数据库**
默认情况下,端口 2484 上的 SSL 处于启用状态。无需其他配置。
SSL 端口固定为 2484。
### AWS 服务先决条件
在设置零 ETL 集成之前,请设置 S AWS ecrets Manager 并配置 IAM 权限。
#### 设置 S AWS ecrets Manager
将您的 Oracle 数据库凭据存储在 S AWS ecrets Manager 中,如下所示:
1. 在密钥管理服务中创建客户托管密 AWS 钥 (CMK)。
1. 使用 CMK 将数据库凭据存储在 S AWS ecrets Manager 中。
1. 配置资源策略以允许 Oracle Database@ 访问AWS 。
要获取 TDE 密钥 ID 和密码,请使用[支持 Oracle 作为 AWS 数据库迁移服务来源的加密方法](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.Encryption)中描述的技术。以下命令生成 base64 钱包。
```
base64 -i cwallet.sso > wallet.b64
```
以下示例显示了 Oracle Exadata 的密钥。对于{{asm\_service\_name}},{{111.11.11.11}}表示虚拟机节点的虚拟 IP。您也可以使用 SCAN 注册 ASM 监听器。
```
{
"database_info": [
{
"name": "ODBDB_ZETLPDB",
"service_name": "ODBDB_ZETLPDB.paas.oracle.com",
"username": "ODBZEROETLADMIN",
"password": "secure_password",
"tde_key_id": "ORACLE.SECURITY.DB.ENCRYPTION.key_id",
"tde_password": "tde_password",
"certificateWallet": "base64_encoded_wallet_content"
}
],
"asm_info": {
"asm_user": "odbzeroetlasm",
"asm_password": "secure_password",
"asm_service_name": "111.11.11.11:2484/+ASM"
}
}
```
以下示例显示了专用基础设施上自治数据库的密钥。
```
{
"database_info": [
{
"database_name": "ZETLACD_ZETLADBMORECPU",
"service_name": "ZETLADBMORECPU_high.adw.oraclecloud.com",
"username": "ggadmin",
"password": "{{secure_password}}",
"certificateWallet": "{{base64_encoded_wallet_content}}"
}
]
}
```
#### 配置 IAM 权限
创建允许零 ETL 集成操作的 IAM 策略。以下示例策略允许对 Exadata 虚拟机集群执行描述、创建、更新和删除操作。对于自治虚拟机群集,请使用该值`cloud-autonomous-vm-cluster`代`cloud-vm-cluster`替资源 ARN。