ORACLE RMAN ENCRYPTION(WALLET)

如下这篇文章，主要是做一个简单的rman加密的演示

启用db的加密

RMAN> CONFIGURE ENCRYPTION FOR DATABASE on2> ;new RMAN configuration parameters:CONFIGURE ENCRYPTION FOR DATABASE ON;new RMAN configuration parameters are successfully stored

查看数据库默认的加密算法

SQL> select * from v$rman_encryption_algorithms;ALGORITHM_ID ALGORITHM_NAME  ALGORITHM_DESCR IS_DEFAUL RESTORE_O------------ --------------- --------------- --------- ---------       1 AES128      AES 128-bit key        YES       NO       2 AES192      AES 192-bit key        NO        NO       3 AES256      AES 256-bit key        NO        NORMAN> show encryption algorithm;RMAN configuration parameters for database with db_unique_name ORCL are:CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default

设定密码

RMAN> set encryption on identified by "Oracle123" only;executing command: SET encryption

尝试去备份

RMAN> set decryption identified by "Oracle123";executing command: SET decryptionRMAN> backup database;Starting backup at 11-AUG-17using channel ORA_DISK_1using channel ORA_DISK_2using channel ORA_DISK_3using channel ORA_DISK_4using channel ORA_DISK_5using channel ORA_DISK_6channel ORA_DISK_1: starting full datafile backup setchannel ORA_DISK_1: specifying datafile(s) in backup set××× ××××continuing other job steps, job failed will not be re-runRMAN-03009: failure of backup command on ORA_DISK_3 channel at 08/11/2017 12:05:50ORA-19914: unable to encrypt backupORA-28365: wallet is not opencontinuing other job steps, job failed will not be re-runRMAN-00571: ===========================================================RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============RMAN-00571: ===========================================================RMAN-03009: failure of backup command on ORA_DISK_4 channel at 08/11/2017 12:05:50ORA-19914: unable to encrypt backupORA-28365: wallet is not openRMAN> 

ORA-28365: wallet is not open 该错误的解释：[oracle@hdp backupset]$ oerr ora 2836528365, 0000, "wallet is not open"// *Cause:  The security module wallet has not been opened.// *Action: Open the wallet.

去相应目录创建wallet文件夹就可以了

– 创建钱夹

[oracle@hdp orcl]$ mkdir wallet[oracle@hdp orcl]$ pwd/u01/app/oracle/admin/orcl[oracle@hdp orcl]$ lsadump  dpdump  pfile  wallet[oracle@hdp orcl]$ sqlplus /  as sysdbaSQL*Plus: Release 11.2.0.4.0 Production on Fri Aug 11 12:12:35 2017Copyright (c) 1982, 2013, Oracle.  All rights reserved.Connected to:Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit ProductionWith the Partitioning, OLAP, Data Mining and Real Application Testing optionsSQL> ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "Oracle123"  2  ;System altered.SQL> ALTER SYSTEM SET DECRYPTION KEY IDENTIFIED BY "Oracle123"

再次去备份的时候发现可以正常备份了。

然后我们再试着去恢复

RMAN> set decryption identified by "Oracle123";RMAN> restore database;Starting restore at 11-AUG-17using target database control file instead of recovery catalogallocated channel: ORA_DISK_1channel ORA_DISK_1: SID=63 device type=DISKallocated channel: ORA_DISK_2channel ORA_DISK_2: SID=129 device type=DISK××× ××××channel ORA_DISK_3: restoring datafile 00001 to /u01/app/oracle/oradata/orcl/system01.dbfchannel ORA_DISK_3: reading from backup piece /u02/backup/ORCL/backupset/2017_08_11/o1_mf_nnndf_TAG20170811T121333_drtcqfq0_.bkpRMAN-00571: ===========================================================RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============RMAN-00571: ===========================================================RMAN-03002: failure of restore command at 08/11/2017 12:19:20ORA-19870: error while restoring backup piece /u02/backup/ORCL/backupset/2017_08_11/o1_mf_nnndf_TAG20170811T121333_drtcqfsk_.bkpORA-19913: unable to decrypt backupORA-28365: wallet is not openRMAN> 

原来是wallet没有打开

 1*  SELECT * FROM V$ENCRYPTION_WALLETSQL> /WRL_TYPE                             WRL_PARAMETER   STATUS------------------------------------------------------------ --------------- ------------------------------------------------------file                                 /u01/app/oracle **CLOSED**                                 /admin/orcl/wal                                 letSQL> alter system set wallet open identified by "Oracle123"  2  /System altered.SQL>  SELECT * FROM V$ENCRYPTION_WALLET;WRL_TYPE                             WRL_PARAMETER   STATUS------------------------------------------------------------ --------------- ------------------------------------------------------file                                 /u01/app/oracle OPEN                                 /admin/orcl/wal                                 letSQL> 

打开钱包后的操作,我们才可以继续我们的操作

[oracle@hdp ~]$ rman target/Recovery Manager: Release 11.2.0.4.0 - Production on Fri Aug 11 12:36:52 2017Copyright (c) 1982, 2011, Oracle and/or its affiliates.  All rights reserved.connected to target database: ORCL (DBID=1477533441, not open)RMAN> restore database;Starting restore at 11-AUG-17using target database control file instead of recovery catalogallocated channel: ORA_DISK_1channel ORA_DISK_1: SID=129 device type=DISKallocated channel: ORA_DISK_2channel ORA_DISK_2: SID=194 device type=DISKallocated channel: ORA_DISK_3channel ORA_DISK_3: SID=5 device type=DISK******        [ignore something]                  ******channel ORA_DISK_3: piece handle=/u02/backup/ORCL/backupset/2017_08_11/o1_mf_nnndf_TAG20170811T121333_drtcqfq0_.bkp tag=TAG20170811T121333channel ORA_DISK_3: restored backup piece 1channel ORA_DISK_3: restore complete, elapsed time: 00:00:15Finished restore at 11-AUG-17RMAN> recover database;Starting recover at 11-AUG-17using channel ORA_DISK_1using channel ORA_DISK_2using channel ORA_DISK_3using channel ORA_DISK_4using channel ORA_DISK_5using channel ORA_DISK_6datafile 4 not processed because file is offlinestarting media recoverymedia recovery complete, elapsed time: 00:00:00Finished recover at 11-AUG-17RMAN> sql 'alter database open'2> ;sql statement: alter database openRMAN>