RMAN encrypted backups (password, TDE transparent, hybrid/dual-mode)

2022-05-11 21:33:03  Views: 218  Source: Internet

Tags: restore, backup, TDE, oracle, RMAN, DISK, rman, channel, ORA



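RMAN encryption

  1. Password encryption: works like typing in a password

  2. TDE transparent encryption: suited to encrypting and restoring on the same host

  3. Hybrid encryption: a combination of the two

Encryption algorithms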

SQL> col ALGORITHM_NAME for a20;
SQL> col ALGORITHM_DESCRIPTION for a30;
SQL> set linesize 200;
SQL> select * from v$rman_encryption_algorithms;

ALGORITHM_ID ALGORITHM_NAME       ALGORITHM_DESCRIPTION          IS_ RES     CON_ID
------------ -------------------- ------------------------------ --- --- ----------
           1 AES128               AES 128-bit key                YES NO           0
           2 AES192               AES 192-bit key                NO  NO           0
           3 AES256               AES 256-bit key                NO  NO           0



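Password encryption

The following steps encrypt a backup with a password:

1. set encryption on identified by 'oracle' only;

2. backup database;

3. Delete a datafile, then shutdown abort

4. The restart fails with an error

5. Restoring with RMAN reports that the wallet is not open

6. set decryption identified by 'oracle';

7. restore datafile 2; recover datafile 2;

8. Success.

Example: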

RMAN> show all
CONFIGURE ENCRYPTION FOR DATABASE OFF; # default
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default


# Enable encryption
RMAN> CONFIGURE ENCRYPTION FOR DATABASE ON;

new RMAN configuration parameters:
CONFIGURE ENCRYPTION FOR DATABASE ON;
new RMAN configuration parameters are successfully stored


# Check the setting
RMAN> show encryption for database;

RMAN configuration parameters for database with db_unique_name ORCL are:
CONFIGURE ENCRYPTION FOR DATABASE ON;



# "only" means the backup is encrypted with the password alone; the password is set to oracle
RMAN> set encryption on identified by 'oracle' only;

executing command: SET encryption

# Back up the tablespace, then shut the database down
RMAN> backup tablespace users format '/tmp/test/user_%d_%s';
RMAN> shutdown abort;

# Delete the physical datafile
[oracle@db2 ~]$ rm -f /u01/app/oracle/oradata/ORCL/users01.dbf

# The datafile is missing, so startup fails
RMAN> startup;
connected to target database (not started)
Oracle instance started
database mounted
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of startup command at 05/11/2022 16:17:25
ORA-01157: cannot identify/lock data file 7 - see DBWR trace file
ORA-01110: data file 7: '/u01/app/oracle/oradata/ORCL/users01.dbf'

# restore fails and reports that the wallet is not open
RMAN> restore tablespace users;
Starting restore at 11-MAY-22
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=622 device type=DISK

channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00007 to /u01/app/oracle/oradata/ORCL/users01.dbf
channel ORA_DISK_1: reading from backup piece /tmp/test/user_ORCL_438
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 05/11/2022 16:19:28
ORA-19870: error while restoring backup piece /tmp/test/user_ORCL_438
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open


# Set the decryption password
RMAN> set decryption identified by 'oracle';

executing command: SET decryption


# restore now succeeds
RMAN> restore tablespace users;
RMAN> recover tablespace users;

RMAN> alter database open;

Statement processed

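TDE transparent encryption

Suited to backing up and restoring on the same host.

Transparent mode is the default encryption mode and fits backups and restores performed on the same server. On a different server the backup cannot be read, because the required key is missing. This method needs no password, which makes it a good fit for local backup and restore; if the backups do not need to be moved to other machines, this is the recommended encryption method. Instead of a password, you only need to configure the encryption/decryption credential, that is, the Oracle Encryption Wallet. Example steps for creating and using it:

1. Create the wallet

2. Open the wallet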

RMAN> sql 'alter system set wallet open identified by oracle';

3. Enable encrypted backups

RMAN> configure encryption for database on;

4. Back up the database

5. Make sure the wallet is open before restoring the database

RMAN> sql 'alter system set wallet open identified by oracle';

6. Restore the database

Example

# Wallet configuration: add the following entry to
# /u01/app/oracle/product/19.3/dbhome_1/network/admin/sqlnet.ora
ENCRYPTION_WALLET_LOCATION=
  (SOURCE=(METHOD=FILE)(METHOD_DATA=
    (DIRECTORY=/u01/app/oracle/product/19.3/dbhome_1/network/admin/wallet)))

# Make sure the directory exists
mkdir /u01/app/oracle/product/19.3/dbhome_1/network/admin/wallet

# Create the master key
SQL> alter system set key identified by "welcome1";


# Open the wallet
SQL> ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "welcome1";
System altered.
# Close the wallet: ALTER SYSTEM SET ENCRYPTION WALLET CLOSE IDENTIFIED BY "welcome1";

# Once the wallet has been created, RMAN backups can be encrypted with the wallet option.
RMAN> configure encryption for database on;
RMAN> set encryption on;

# Back up and shut down; the wallet closes when the database shuts down, so it must be reopened before restoring
backup tablespace users format '/tmp/test/user_%d_%s';
shutdown abort
rm -f users01.dbf

# Startup fails
startup

# restore reports that the wallet is not open
RMAN> restore tablespace users;

Starting restore at 11-MAY-22
using channel ORA_DISK_1

channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00007 to /u01/app/oracle/oradata/ORCL/users01.dbf
channel ORA_DISK_1: reading from backup piece /tmp/test/user_ORCL_439
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 05/11/2022 17:26:56
ORA-19870: error while restoring backup piece /tmp/test/user_ORCL_439
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open


# Open the wallet; the restore then succeeds
RMAN> ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "welcome1";

Statement processed

RMAN> restore tablespace users;

Starting restore at 11-MAY-22
using channel ORA_DISK_1

channel ORA_DISK_1: starting datafile backup set restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
channel ORA_DISK_1: restoring datafile 00007 to /u01/app/oracle/oradata/ORCL/users01.dbf
channel ORA_DISK_1: reading from backup piece /tmp/test/user_ORCL_439
channel ORA_DISK_1: piece handle=/tmp/test/user_ORCL_439 tag=TAG20220511T172058
channel ORA_DISK_1: restored backup piece 1
channel ORA_DISK_1: restore complete, elapsed time: 00:00:01
Finished restore at 11-MAY-22

RMAN> recover tablespace users;

startup

Changing the wallet password:

1. From the command line:

$orapki wallet change_pwd -wallet /u01/key -oldpwd oracle123 -newpwd oracle456

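2. With the graphical tool owm

Use Wallet > Open to open the wallet directory, then make the relevant settings.

Hybrid encryption

That is, TDE is used locally and the password is used for restores on another host. Oracle calls this dual mode.

Example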

RMAN> CONFIGURE ENCRYPTION FOR DATABASE ON;

# Without "only"
RMAN> set encryption on identified by 'oracle';

# Make sure the wallet is configured and open
SELECT * FROM v$encryption_wallet;
RMAN> ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY oracle; # reopen


# Back up the tablespace, shut down, delete the datafile
RMAN> backup tablespace users format '/tmp/test/user_%d_%s';
shutdown abort
rm -f users01.dbf

# startup fails, as expected
startup

#restore
RMAN> restore tablespace users;

从位于 11-5月 -22 的 restore 开始
使用通道 ORA_DISK_1

通道 ORA_DISK_1: 正在开始还原数据文件备份集
通道 ORA_DISK_1: 正在指定从备份集还原的数据文件
通道 ORA_DISK_1: 将数据文件 00007 还原到 /u01/app/oracle/oradata/ORCL/users01.dbf
通道 ORA_DISK_1: 正在读取备份片段 /tmp/test/user_ORCL_68
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: 位于 05/11/2022 20:52:27 的 restore 命令失败
ORA-19870: 还原备份片段 /tmp/test/user_ORCL_68 时出错
ORA-19913: 无法解密备份
ORA-28365: Wallet 未打开


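# Set the password to restore (note that the wallet is closed here after the restart, which indirectly demonstrates the restore-on-another-host case)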
RMAN> set decryption identified by 'oracle';

正在执行命令: SET decryption

# The restore succeeds
RMAN> restore tablespace users;

从位于 11-5月 -22 的 restore 开始
使用通道 ORA_DISK_1

通道 ORA_DISK_1: 正在开始还原数据文件备份集
通道 ORA_DISK_1: 正在指定从备份集还原的数据文件
通道 ORA_DISK_1: 将数据文件 00007 还原到 /u01/app/oracle/oradata/ORCL/users01.dbf
通道 ORA_DISK_1: 正在读取备份片段 /tmp/test/user_ORCL_73
通道 ORA_DISK_1: 片段句柄 = /tmp/test/user_ORCL_73 标记 = TAG20220511T210214
通道 ORA_DISK_1: 已还原备份片段 1
通道 ORA_DISK_1: 还原完成, 用时: 00:00:01
在 11-5月 -22 完成了 restore
RMAN> recover tablespace users;
RMAN> alter database open;
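
To confirm that the backups taken in the three examples above were actually written encrypted, and that the wallet is in the state a transparent or hybrid restore needs, the dictionary views can be queried directly. This is an added example, not part of the original post; it assumes a SQL*Plus session as SYSDBA on the same instance, and the AES256 setting mentioned in the comment is a suggestion based on the algorithm list shown earlier.

```sql
-- Added example, not from the original post. Run in SQL*Plus as SYSDBA.
set linesize 200
col wrl_parameter for a60
col name for a30
col value for a30
col handle for a40
col tag for a20

-- 1. Wallet state. A transparent (TDE) backup or restore needs STATUS = OPEN.
--    The post notes that the wallet is closed again after a shutdown, which
--    is what leads to ORA-28365 in the restore transcripts above.
select wrl_type, wrl_parameter, status
  from v$encryption_wallet;

-- 2. Persistent RMAN encryption settings. v$rman_configuration lists only
--    non-default values, so no ENCRYPTION ALGORITHM row means the default
--    shown by "show all" (AES128) is in effect. A stronger algorithm from
--    v$rman_encryption_algorithms can be set in RMAN with:
--      CONFIGURE ENCRYPTION ALGORITHM 'AES256';
select name, value
  from v$rman_configuration
 where name like 'ENCRYPTION%';

-- 3. Available backup pieces that were written WITHOUT encryption.
--    Once encryption is on, new pieces should not appear in this result.
select handle, tag, completion_time, encrypted
  from v$backup_piece
 where status = 'A'
   and encrypted = 'NO'
 order by completion_time;
```

Session-level `set encryption` commands are not recorded in `v$rman_configuration`, so query 3 is the one that shows what was really written to disk.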


Source: https://www.cnblogs.com/shipment/p/16259952.html
